diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9dff6c1a375..3eaa8532c93 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,21 @@
+Release v1.44.246 (2023-04-19)
+===
+
+### Service Client Updates
+* `service/comprehend`: Updates service API and documentation
+* `service/ecs`: Updates service API and documentation
+ * This release supports the Account Setting "TagResourceAuthorization" that allows for enhanced Tagging security controls.
+* `service/ram`: Updates service API, documentation, and paginators
+* `service/rds`: Updates service API, documentation, waiters, paginators, and examples
+ * Adds support for the ImageId parameter of CreateCustomDBEngineVersion to RDS Custom for Oracle
+* `service/s3`: Updates service API, documentation, and examples
+ * Provides support for "Snow" Storage class.
+* `service/s3control`: Adds new service
+ * Provides support for overriding endpoint when region is "snow". This will enable bucket APIs for Amazon S3 Compatible storage on Snow Family devices.
+* `service/secretsmanager`: Updates service documentation and examples
+ * Documentation updates for Secrets Manager
+* `service/securityhub`: Updates service examples
+
Release v1.44.245 (2023-04-17)
===
diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
index debf74510cb..f170a3b53a8 100644
--- a/aws/endpoints/defaults.go
+++ b/aws/endpoints/defaults.go
@@ -3317,12 +3317,18 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
+ endpointKey{
+ Region: "ap-southeast-4",
+ }: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
+ endpointKey{
+ Region: "eu-central-2",
+ }: endpoint{},
endpointKey{
Region: "eu-north-1",
}: endpoint{},
@@ -32426,12 +32432,44 @@ var awsusgovPartition = partition{
endpointKey{
Region: "us-gov-east-1",
}: endpoint{
+ Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
+ endpointKey{
+ Region: "us-gov-east-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
+ endpointKey{
+ Region: "us-gov-east-1-fips",
+ }: endpoint{
+ Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com",
Protocols: []string{"http", "https"},
+
+ Deprecated: boxedTrue,
},
endpointKey{
Region: "us-gov-west-1",
}: endpoint{
+ Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
+ endpointKey{
+ Region: "us-gov-west-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com",
+ Protocols: []string{"http", "https"},
+ },
+ endpointKey{
+ Region: "us-gov-west-1-fips",
+ }: endpoint{
+ Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com",
Protocols: []string{"http", "https"},
+
+ Deprecated: boxedTrue,
},
},
},
diff --git a/aws/version.go b/aws/version.go
index f34d398202f..fa533405a8b 100644
--- a/aws/version.go
+++ b/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.44.245"
+const SDKVersion = "1.44.246"
diff --git a/models/apis/comprehend/2017-11-27/api-2.json b/models/apis/comprehend/2017-11-27/api-2.json
index 6857e61da83..3819266b61f 100644
--- a/models/apis/comprehend/2017-11-27/api-2.json
+++ b/models/apis/comprehend/2017-11-27/api-2.json
@@ -976,6 +976,7 @@
{"shape":"ResourceUnavailableException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -992,6 +993,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1010,6 +1012,7 @@
{"shape":"ResourceUnavailableException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1026,6 +1029,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1058,6 +1062,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1074,6 +1079,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1090,6 +1096,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1106,6 +1113,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1122,6 +1130,7 @@
{"shape":"TooManyRequestsException"},
{"shape":"KmsKeyValidationException"},
{"shape":"TooManyTagsException"},
+ {"shape":"ResourceInUseException"},
{"shape":"InternalServerException"}
]
},
@@ -1634,7 +1643,8 @@
"Labels":{"shape":"ListOfLabels"},
"DocumentMetadata":{"shape":"DocumentMetadata"},
"DocumentType":{"shape":"ListOfDocumentType"},
- "Errors":{"shape":"ListOfErrors"}
+ "Errors":{"shape":"ListOfErrors"},
+ "Warnings":{"shape":"ListOfWarnings"}
},
"sensitive":true
},
@@ -2454,6 +2464,21 @@
"AUGMENTED_MANIFEST"
]
},
+ "DocumentClassifierDocumentTypeFormat":{
+ "type":"string",
+ "enum":[
+ "PLAIN_TEXT_DOCUMENT",
+ "SEMI_STRUCTURED_DOCUMENT"
+ ]
+ },
+ "DocumentClassifierDocuments":{
+ "type":"structure",
+ "required":["S3Uri"],
+ "members":{
+ "S3Uri":{"shape":"S3Uri"},
+ "TestS3Uri":{"shape":"S3Uri"}
+ }
+ },
"DocumentClassifierEndpointArn":{
"type":"string",
"max":256,
@@ -2475,7 +2500,10 @@
"S3Uri":{"shape":"S3Uri"},
"TestS3Uri":{"shape":"S3Uri"},
"LabelDelimiter":{"shape":"LabelDelimiter"},
- "AugmentedManifests":{"shape":"DocumentClassifierAugmentedManifestsList"}
+ "AugmentedManifests":{"shape":"DocumentClassifierAugmentedManifestsList"},
+ "DocumentType":{"shape":"DocumentClassifierDocumentTypeFormat"},
+ "Documents":{"shape":"DocumentClassifierDocuments"},
+ "DocumentReaderConfig":{"shape":"DocumentReaderConfig"}
}
},
"DocumentClassifierMode":{
@@ -3590,6 +3618,10 @@
"type":"list",
"member":{"shape":"TargetedSentimentEntity"}
},
+ "ListOfWarnings":{
+ "type":"list",
+ "member":{"shape":"WarningsListItem"}
+ },
"ListPiiEntitiesDetectionJobsRequest":{
"type":"structure",
"members":{
@@ -3726,6 +3758,13 @@
"INTERNAL_SERVER_ERROR"
]
},
+ "PageBasedWarningCode":{
+ "type":"string",
+ "enum":[
+ "INFERENCING_PLAINTEXT_WITH_NATIVE_TRAINED_MODEL",
+ "INFERENCING_NATIVE_DOCUMENT_WITH_PLAINTEXT_TRAINED_MODEL"
+ ]
+ },
"PartOfSpeechTag":{
"type":"structure",
"members":{
@@ -4750,6 +4789,14 @@
"SecurityGroupIds":{"shape":"SecurityGroupIds"},
"Subnets":{"shape":"Subnets"}
}
+ },
+ "WarningsListItem":{
+ "type":"structure",
+ "members":{
+ "Page":{"shape":"Integer"},
+ "WarnCode":{"shape":"PageBasedWarningCode"},
+ "WarnMessage":{"shape":"String"}
+ }
}
}
}
diff --git a/models/apis/comprehend/2017-11-27/docs-2.json b/models/apis/comprehend/2017-11-27/docs-2.json
index 2ddba539845..9531a05a683 100644
--- a/models/apis/comprehend/2017-11-27/docs-2.json
+++ b/models/apis/comprehend/2017-11-27/docs-2.json
@@ -11,7 +11,7 @@
"ClassifyDocument": "Creates a new document classification request to analyze a single document in real-time, using a previously created and trained custom model and an endpoint.
You can input plain text or you can upload a single-page input document (text, PDF, Word, or image).
If the system detects errors while processing a page in the input document, the API response includes an entry in Errors that describes the errors.
If the system detects a document-level error in your input document, the API returns an InvalidRequestException error response. For details about this exception, see Errors in semi-structured documents in the Comprehend Developer Guide.
",
"ContainsPiiEntities": "Analyzes input text for the presence of personally identifiable information (PII) and returns the labels of identified PII entity types such as name, address, bank account number, or phone number.
",
"CreateDataset": "Creates a dataset to upload training or test data for a model associated with a flywheel. For more information about datasets, see Flywheel overview in the Amazon Comprehend Developer Guide.
",
- "CreateDocumentClassifier": "Creates a new document classifier that you can use to categorize documents. To create a classifier, you provide a set of training documents that labeled with the categories that you want to use. After the classifier is trained you can use it to categorize a set of labeled documents into the categories. For more information, see Document Classification in the Comprehend Developer Guide.
",
+ "CreateDocumentClassifier": "Creates a new document classifier that you can use to categorize documents. To create a classifier, you provide a set of training documents that are labeled with the categories that you want to use. For more information, see Training classifier models in the Comprehend Developer Guide.
",
"CreateEndpoint": "Creates a model-specific endpoint for synchronous inference for a previously trained custom model For information about endpoints, see Managing endpoints.
",
"CreateEntityRecognizer": "Creates an entity recognizer using submitted files. After your CreateEntityRecognizer request is submitted, you can check job status using the DescribeEntityRecognizer API.
",
"CreateFlywheel": "A flywheel is an Amazon Web Services resource that orchestrates the ongoing training of a model for custom classification or custom entity recognition. You can create a flywheel to start with an existing trained model, or Comprehend can create and train a new model.
When you create the flywheel, Comprehend creates a data lake in your account. The data lake holds the training data and test data for all versions of the model.
To use a flywheel with an existing trained model, you specify the active model version. Comprehend copies the model's training data and test data into the flywheel's data lake.
To use the flywheel with a new model, you need to provide a dataset for training data (and optional test data) when you create the flywheel.
For more information about flywheels, see Flywheel overview in the Amazon Comprehend Developer Guide.
",
@@ -972,6 +972,18 @@
"DocumentClassifierInputDataConfig$DataFormat": "The format of your training data:
-
COMPREHEND_CSV: A two-column CSV file, where labels are provided in the first column, and documents are provided in the second. If you use this value, you must provide the S3Uri parameter in your request.
-
AUGMENTED_MANIFEST: A labeled dataset that is produced by Amazon SageMaker Ground Truth. This file is in JSON lines format. Each line is a complete JSON object that contains a training document and its associated labels.
If you use this value, you must provide the AugmentedManifests parameter in your request.
If you don't specify a value, Amazon Comprehend uses COMPREHEND_CSV as the default.
"
}
},
+ "DocumentClassifierDocumentTypeFormat": {
+ "base": null,
+ "refs": {
+ "DocumentClassifierInputDataConfig$DocumentType": "The type of input documents for training the model. Provide plain-text documents to create a plain-text model, and provide semi-structured documents to create a native model.
"
+ }
+ },
+ "DocumentClassifierDocuments": {
+ "base": "The location of the training documents. This parameter is required in a request to create a native classifier model.
",
+ "refs": {
+ "DocumentClassifierInputDataConfig$Documents": "The S3 location of the training documents. This parameter is required in a request to create a native classifier model.
"
+ }
+ },
"DocumentClassifierEndpointArn": {
"base": null,
"refs": {
@@ -1000,9 +1012,9 @@
}
},
"DocumentClassifierOutputDataConfig": {
- "base": "Provides output results configuration parameters for custom classifier jobs.
",
+ "base": "Provide the location for output data from a custom classifier job. This field is mandatory if you are training a native classifier model.
",
"refs": {
- "CreateDocumentClassifierRequest$OutputDataConfig": "Enables the addition of output results configuration parameters for custom classifier jobs.
",
+ "CreateDocumentClassifierRequest$OutputDataConfig": "Specifies the location for the output files from a custom classifier job. This parameter is required for a request that creates a native classifier model.
",
"DocumentClassifierProperties$OutputDataConfig": " Provides output results configuration parameters for custom classifier jobs.
"
}
},
@@ -1063,10 +1075,11 @@
}
},
"DocumentReaderConfig": {
- "base": "Provides configuration parameters to override the default actions for extracting text from PDF documents and image files.
By default, Amazon Comprehend performs the following actions to extract text from files, based on the input file type:
-
Word files - Amazon Comprehend parser extracts the text.
-
Digital PDF files - Amazon Comprehend parser extracts the text.
-
Image files and scanned PDF files - Amazon Comprehend uses the Amazon Textract DetectDocumentText API to extract the text.
DocumentReaderConfig does not apply to plain text files or Word files.
For image files and PDF documents, you can override these default actions using the fields listed below. For more information, see Setting text extraction options.
",
+ "base": "Provides configuration parameters to override the default actions for extracting text from PDF documents and image files.
By default, Amazon Comprehend performs the following actions to extract text from files, based on the input file type:
-
Word files - Amazon Comprehend parser extracts the text.
-
Digital PDF files - Amazon Comprehend parser extracts the text.
-
Image files and scanned PDF files - Amazon Comprehend uses the Amazon Textract DetectDocumentText API to extract the text.
DocumentReaderConfig does not apply to plain text files or Word files.
For image files and PDF documents, you can override these default actions using the fields listed below. For more information, see Setting text extraction options in the Comprehend Developer Guide.
",
"refs": {
"ClassifyDocumentRequest$DocumentReaderConfig": "Provides configuration parameters to override the default actions for extracting text from PDF documents and image files.
",
"DetectEntitiesRequest$DocumentReaderConfig": "Provides configuration parameters to override the default actions for extracting text from PDF documents and image files.
",
+ "DocumentClassifierInputDataConfig$DocumentReaderConfig": null,
"InputDataConfig$DocumentReaderConfig": "Provides configuration parameters to override the default actions for extracting text from PDF documents and image files.
"
}
},
@@ -1618,7 +1631,8 @@
"SyntaxToken$EndOffset": "The zero-based offset from the beginning of the source text to the last character in the word.
",
"TargetedSentimentMention$BeginOffset": "The offset into the document text where the mention begins.
",
"TargetedSentimentMention$EndOffset": "The offset into the document text where the mention ends.
",
- "TopicsDetectionJobProperties$NumberOfTopics": "The number of topics to detect supplied when you created the topic detection job. The default is 10.
"
+ "TopicsDetectionJobProperties$NumberOfTopics": "The number of topics to detect supplied when you created the topic detection job. The default is 10.
",
+ "WarningsListItem$Page": "Page number in the input document.
"
}
},
"InternalServerException": {
@@ -2186,6 +2200,12 @@
"DetectTargetedSentimentResponse$Entities": "Targeted sentiment analysis for each of the entities identified in the input text.
"
}
},
+ "ListOfWarnings": {
+ "base": null,
+ "refs": {
+ "ClassifyDocumentResponse$Warnings": "Warnings detected while processing the input document. The response includes a warning if there is a mismatch between the input document type and the model type associated with the endpoint that you specified. The response can also include warnings for individual pages that have a mismatch.
The field is empty if the system generated no warnings.
"
+ }
+ },
"ListPiiEntitiesDetectionJobsRequest": {
"base": null,
"refs": {
@@ -2274,7 +2294,7 @@
"base": null,
"refs": {
"DocumentClassifierFilter$Status": "Filters the list of classifiers based on status.
",
- "DocumentClassifierProperties$Status": "The status of the document classifier. If the status is TRAINED the classifier is ready to use. If the status is FAILED you can see additional information about why the classifier wasn't trained in the Message field.
",
+ "DocumentClassifierProperties$Status": "The status of the document classifier. If the status is TRAINED the classifier is ready to use. If the status is TRAINED_WITH_WARNINGS the classifier training succeeded, but you should review the warnings returned in the CreateDocumentClassifier response.
If the status is FAILED you can see additional information about why the classifier wasn't trained in the Message field.
",
"DocumentClassifierSummary$LatestVersionStatus": "Provides the status of the latest document classifier version.
",
"EntityRecognizerFilter$Status": "The status of an entity recognizer.
",
"EntityRecognizerProperties$Status": "Provides the status of the entity recognizer.
",
@@ -2329,6 +2349,12 @@
"ErrorsListItem$ErrorCode": "Error code for the cause of the error.
"
}
},
+ "PageBasedWarningCode": {
+ "base": null,
+ "refs": {
+ "WarningsListItem$WarnCode": "The type of warning.
"
+ }
+ },
"PartOfSpeechTag": {
"base": "Identifies the part of speech represented by the token and gives the confidence that Amazon Comprehend has that the part of speech was correctly identified. For more information about the parts of speech that Amazon Comprehend can identify, see Syntax in the Comprehend Developer Guide.
",
"refs": {
@@ -2486,9 +2512,11 @@
"DatasetEntityRecognizerDocuments$S3Uri": " Specifies the Amazon S3 location where the documents for the dataset are located.
",
"DatasetEntityRecognizerEntityList$S3Uri": "Specifies the Amazon S3 location where the entity list is located.
",
"DatasetProperties$DatasetS3Uri": "The S3 URI where the dataset is stored.
",
+ "DocumentClassifierDocuments$S3Uri": "The S3 URI location of the training documents specified in the S3Uri CSV file.
",
+ "DocumentClassifierDocuments$TestS3Uri": "The S3 URI location of the test documents included in the TestS3Uri CSV file. This field is not required if you do not specify a test CSV file.
",
"DocumentClassifierInputDataConfig$S3Uri": "The Amazon S3 URI for the input data. The S3 bucket must be in the same Region as the API endpoint that you are calling. The URI can point to a single input file or it can provide the prefix for a collection of input files.
For example, if you use the URI S3://bucketName/prefix, if the prefix is a single file, Amazon Comprehend uses that file as input. If more than one file begins with the prefix, Amazon Comprehend uses all of them as input.
This parameter is required if you set DataFormat to COMPREHEND_CSV.
",
"DocumentClassifierInputDataConfig$TestS3Uri": "This specifies the Amazon S3 location where the test annotations for an entity recognizer are located. The URI must be in the same Amazon Web Services Region as the API endpoint that you are calling.
",
- "DocumentClassifierOutputDataConfig$S3Uri": "When you use the OutputDataConfig object while creating a custom classifier, you specify the Amazon S3 location where you want to write the confusion matrix. The URI must be in the same Region as the API endpoint that you are calling. The location is used as the prefix for the actual location of this output file.
When the custom classifier job is finished, the service creates the output file in a directory specific to the job. The S3Uri field contains the location of the output file, called output.tar.gz. It is a compressed archive that contains the confusion matrix.
",
+ "DocumentClassifierOutputDataConfig$S3Uri": "When you use the OutputDataConfig object while creating a custom classifier, you specify the Amazon S3 location where you want to write the confusion matrix and other output files. The URI must be in the same Region as the API endpoint that you are calling. The location is used as the prefix for the actual location of this output file.
When the custom classifier job is finished, the service creates the output file in a directory specific to the job. The S3Uri field contains the location of the output file, called output.tar.gz. It is a compressed archive that contains the confusion matrix.
",
"DocumentClassifierOutputDataConfig$FlywheelStatsS3Prefix": "The Amazon S3 prefix for the data lake location of the flywheel statistics.
",
"EntityRecognizerAnnotations$S3Uri": " Specifies the Amazon S3 location where the annotations for an entity recognizer are located. The URI must be in the same Region as the API endpoint that you are calling.
",
"EntityRecognizerAnnotations$TestS3Uri": " Specifies the Amazon S3 location where the test annotations for an entity recognizer are located. The URI must be in the same Region as the API endpoint that you are calling.
",
@@ -2823,7 +2851,8 @@
"TooManyRequestsException$Message": null,
"TooManyTagKeysException$Message": null,
"TooManyTagsException$Message": null,
- "UnsupportedLanguageException$Message": null
+ "UnsupportedLanguageException$Message": null,
+ "WarningsListItem$WarnMessage": "Text message associated with the warning.
"
}
},
"StringList": {
@@ -3156,6 +3185,12 @@
"TopicsDetectionJobProperties$VpcConfig": "Configuration parameters for a private Virtual Private Cloud (VPC) containing the resources you are using for your topic detection job. For more information, see Amazon VPC.
",
"UpdateDataSecurityConfig$VpcConfig": null
}
+ },
+ "WarningsListItem": {
+ "base": "The system identified one of the following warnings while processing the input document:
-
The document to classify is plain text, but the classifier is a native model.
-
The document to classify is semi-structured, but the classifier is a plain-text model.
",
+ "refs": {
+ "ListOfWarnings$member": null
+ }
}
}
}
diff --git a/models/apis/comprehend/2017-11-27/endpoint-tests-1.json b/models/apis/comprehend/2017-11-27/endpoint-tests-1.json
index a63e830fa03..c63e085f161 100644
--- a/models/apis/comprehend/2017-11-27/endpoint-tests-1.json
+++ b/models/apis/comprehend/2017-11-27/endpoint-tests-1.json
@@ -8,9 +8,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-1"
+ "UseDualStack": false
}
},
{
@@ -21,9 +21,9 @@
}
},
"params": {
+ "Region": "ap-northeast-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-2"
+ "UseDualStack": false
}
},
{
@@ -34,9 +34,9 @@
}
},
"params": {
+ "Region": "ap-south-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-south-1"
+ "UseDualStack": false
}
},
{
@@ -47,9 +47,9 @@
}
},
"params": {
+ "Region": "ap-southeast-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-southeast-1"
+ "UseDualStack": false
}
},
{
@@ -60,9 +60,9 @@
}
},
"params": {
+ "Region": "ap-southeast-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-southeast-2"
+ "UseDualStack": false
}
},
{
@@ -73,9 +73,9 @@
}
},
"params": {
+ "Region": "ca-central-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ca-central-1"
+ "UseDualStack": false
}
},
{
@@ -86,9 +86,9 @@
}
},
"params": {
+ "Region": "eu-central-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-central-1"
+ "UseDualStack": false
}
},
{
@@ -99,9 +99,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-1"
+ "UseDualStack": false
}
},
{
@@ -112,9 +112,9 @@
}
},
"params": {
+ "Region": "eu-west-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-2"
+ "UseDualStack": false
}
},
{
@@ -125,9 +125,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -138,9 +138,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -151,9 +151,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -164,9 +164,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -177,9 +177,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -190,9 +190,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -203,9 +203,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -216,9 +216,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -229,9 +229,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "cn-north-1"
+ "UseDualStack": true
}
},
{
@@ -242,9 +242,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "cn-north-1"
+ "UseDualStack": false
}
},
{
@@ -255,9 +255,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "cn-north-1"
+ "UseDualStack": true
}
},
{
@@ -268,9 +268,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "cn-north-1"
+ "UseDualStack": false
}
},
{
@@ -281,9 +281,9 @@
}
},
"params": {
+ "Region": "us-gov-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-gov-west-1"
+ "UseDualStack": false
}
},
{
@@ -294,9 +294,9 @@
}
},
"params": {
+ "Region": "us-gov-west-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-gov-west-1"
+ "UseDualStack": false
}
},
{
@@ -307,9 +307,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-gov-east-1"
+ "UseDualStack": true
}
},
{
@@ -320,9 +320,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-gov-east-1"
+ "UseDualStack": false
}
},
{
@@ -333,9 +333,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-gov-east-1"
+ "UseDualStack": true
}
},
{
@@ -346,9 +346,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-gov-east-1"
+ "UseDualStack": false
}
},
{
@@ -359,9 +359,9 @@
}
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-iso-east-1"
+ "UseDualStack": false
}
},
{
@@ -370,9 +370,9 @@
"error": "FIPS and DualStack are enabled, but this partition does not support one or both"
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-iso-east-1"
+ "UseDualStack": true
}
},
{
@@ -383,9 +383,9 @@
}
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-iso-east-1"
+ "UseDualStack": false
}
},
{
@@ -394,9 +394,9 @@
"error": "DualStack is enabled but this partition does not support DualStack"
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-iso-east-1"
+ "UseDualStack": true
}
},
{
@@ -405,9 +405,9 @@
"error": "FIPS and DualStack are enabled, but this partition does not support one or both"
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-isob-east-1"
+ "UseDualStack": true
}
},
{
@@ -418,9 +418,9 @@
}
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-isob-east-1"
+ "UseDualStack": false
}
},
{
@@ -429,9 +429,9 @@
"error": "DualStack is enabled but this partition does not support DualStack"
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-isob-east-1"
+ "UseDualStack": true
}
},
{
@@ -442,9 +442,9 @@
}
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-isob-east-1"
+ "UseDualStack": false
}
},
{
@@ -455,9 +455,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -480,9 +480,9 @@
"error": "Invalid Configuration: FIPS and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -492,9 +492,9 @@
"error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": true,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
diff --git a/models/apis/ecs/2014-11-13/api-2.json b/models/apis/ecs/2014-11-13/api-2.json
index 33b0420b5b2..caec3719df4 100644
--- a/models/apis/ecs/2014-11-13/api-2.json
+++ b/models/apis/ecs/2014-11-13/api-2.json
@@ -3157,7 +3157,8 @@
"containerInstanceLongArnFormat",
"awsvpcTrunking",
"containerInsights",
- "fargateFIPSMode"
+ "fargateFIPSMode",
+ "tagResourceAuthorization"
]
},
"Settings":{
diff --git a/models/apis/ecs/2014-11-13/docs-2.json b/models/apis/ecs/2014-11-13/docs-2.json
index a73bb2ffbb4..c52035b35f4 100644
--- a/models/apis/ecs/2014-11-13/docs-2.json
+++ b/models/apis/ecs/2014-11-13/docs-2.json
@@ -35,7 +35,7 @@
"ListTaskDefinitionFamilies": "Returns a list of task definition families that are registered to your account. This list includes task definition families that no longer have any ACTIVE task definition revisions.
You can filter out task definition families that don't contain any ACTIVE task definition revisions by setting the status parameter to ACTIVE. You can also filter the results with the familyPrefix parameter.
",
"ListTaskDefinitions": "Returns a list of task definitions that are registered to your account. You can filter the results by family name with the familyPrefix parameter or by status with the status parameter.
",
"ListTasks": "Returns a list of tasks. You can filter the results by cluster, task definition family, container instance, launch type, what IAM principal started the task, or by the desired status of the task.
Recently stopped tasks might appear in the returned results. Currently, stopped tasks appear in the returned results for at least one hour.
",
- "PutAccountSetting": "Modifies an account setting. Account settings are set on a per-Region basis.
If you change the root user account setting, the default settings are reset for users and roles that do not have specified individual account settings. For more information, see Account Settings in the Amazon Elastic Container Service Developer Guide.
When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights is specified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
",
+ "PutAccountSetting": "Modifies an account setting. Account settings are set on a per-Region basis.
If you change the root user account setting, the default settings are reset for users and roles that do not have specified individual account settings. For more information, see Account Settings in the Amazon Elastic Container Service Developer Guide.
When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights is specified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.
",
"PutAccountSettingDefault": "Modifies an account setting for all users on an account for whom no individual account setting has been specified. Account settings are set on a per-Region basis.
",
"PutAttributes": "Create or update an attribute on an Amazon ECS resource. If the attribute doesn't exist, it's created. If the attribute exists, its value is replaced with the specified value. To delete an attribute, use DeleteAttributes. For more information, see Attributes in the Amazon Elastic Container Service Developer Guide.
",
"PutClusterCapacityProviders": "Modifies the available capacity providers and the default capacity provider strategy for a cluster.
You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a PutClusterCapacityProviders API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.
When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array ([]) to bypass defining a default strategy.
",
@@ -187,7 +187,7 @@
"Service$enableExecuteCommand": "Determines whether the execute command functionality is turned on for the service. If true, the execute command functionality is turned on for all containers in tasks as part of the service.
",
"ServiceConnectConfiguration$enabled": "Specifies whether to use Service Connect with this service.
",
"StartTaskRequest$enableECSManagedTags": "Specifies whether to use Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
",
- "StartTaskRequest$enableExecuteCommand": "Whether or not the execute command functionality is turned on for the task. If true, this enables execute command functionality on all containers in the task.
",
+ "StartTaskRequest$enableExecuteCommand": "Whether or not the execute command functionality is turned on for the task. If true, this turns on the execute command functionality on all containers in the task.
",
"Task$enableExecuteCommand": "Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task.
",
"UpdateServiceRequest$forceNewDeployment": "Determines whether to force a new deployment of the service. By default, deployments aren't forced. You can use this option to start a new deployment with no service definition changes. For example, you can update a service's tasks to use a newer Docker image with the same image/tag combination (my_image:latest) or to roll Fargate tasks onto a newer platform version.
",
"UpdateTaskProtectionRequest$protectionEnabled": "Specify true to mark a task for protection and false to unset protection, making it eligible for termination.
"
@@ -924,9 +924,9 @@
}
},
"EphemeralStorage": {
- "base": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Fargate task storage in the Amazon ECS User Guide for Fargate.
For tasks using the Fargate launch type, the task requires the following platforms:
",
+ "base": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Fargate task storage in the Amazon ECS User Guide for Fargate.
For tasks using the Fargate launch type, the task requires the following platforms:
",
"refs": {
- "RegisterTaskDefinitionRequest$ephemeralStorage": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Fargate task storage in the Amazon ECS User Guide for Fargate.
For tasks using the Fargate launch type, the task requires the following platforms:
",
+ "RegisterTaskDefinitionRequest$ephemeralStorage": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Fargate task storage in the Amazon ECS User Guide for Fargate.
For tasks using the Fargate launch type, the task requires the following platforms:
",
"Task$ephemeralStorage": "The ephemeral storage settings for the task.
",
"TaskDefinition$ephemeralStorage": "The ephemeral storage settings to use for tasks run with the task definition.
",
"TaskOverride$ephemeralStorage": "The ephemeral storage setting override for the task.
This parameter is only supported for tasks hosted on Fargate that use the following platform versions:
"
@@ -1935,8 +1935,8 @@
"refs": {
"DeleteAccountSettingRequest$name": "The resource name to disable the account setting for. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected.
",
"ListAccountSettingsRequest$name": "The name of the account setting you want to list the settings for.
",
- "PutAccountSettingDefaultRequest$name": "The resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected.
When you specify fargateFIPSMode for the name and enabled for the value, Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For more information about FIPS-140 compliance with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2 compliance in the Amazon Elastic Container Service Developer Guide.
",
- "PutAccountSettingRequest$name": "The Amazon ECS resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the elastic network interface (ENI) limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If fargateFIPSMode is specified, Fargate FIPS 140 compliance is affected.
",
+ "PutAccountSettingDefaultRequest$name": "The resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If tagResourceAuthorization is specified, the opt-in option for tagging resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer Guide.
When you specify fargateFIPSMode for the name and enabled for the value, Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For more information about FIPS-140 compliance with Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2 compliance in the Amazon Elastic Container Service Developer Guide.
",
+ "PutAccountSettingRequest$name": "The Amazon ECS resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the elastic network interface (ENI) limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If fargateFIPSMode is specified, Fargate FIPS 140 compliance is affected. If tagResourceAuthorization is specified, the opt-in option for tagging resources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer Guide.
",
"Setting$name": "The Amazon ECS resource name.
"
}
},
diff --git a/models/apis/ram/2018-01-04/api-2.json b/models/apis/ram/2018-01-04/api-2.json
index bc2b614e2db..108203c7934 100644
--- a/models/apis/ram/2018-01-04/api-2.json
+++ b/models/apis/ram/2018-01-04/api-2.json
@@ -75,6 +75,48 @@
{"shape":"OperationNotPermittedException"}
]
},
+ "CreatePermission":{
+ "name":"CreatePermission",
+ "http":{
+ "method":"POST",
+ "requestUri":"/createpermission"
+ },
+ "input":{"shape":"CreatePermissionRequest"},
+ "output":{"shape":"CreatePermissionResponse"},
+ "errors":[
+ {"shape":"InvalidParameterException"},
+ {"shape":"InvalidPolicyException"},
+ {"shape":"OperationNotPermittedException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"PermissionAlreadyExistsException"},
+ {"shape":"MalformedPolicyTemplateException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"PermissionLimitExceededException"},
+ {"shape":"IdempotentParameterMismatchException"}
+ ]
+ },
+ "CreatePermissionVersion":{
+ "name":"CreatePermissionVersion",
+ "http":{
+ "method":"POST",
+ "requestUri":"/createpermissionversion"
+ },
+ "input":{"shape":"CreatePermissionVersionRequest"},
+ "output":{"shape":"CreatePermissionVersionResponse"},
+ "errors":[
+ {"shape":"InvalidParameterException"},
+ {"shape":"InvalidPolicyException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"UnknownResourceException"},
+ {"shape":"MalformedPolicyTemplateException"},
+ {"shape":"MalformedArnException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"IdempotentParameterMismatchException"},
+ {"shape":"PermissionVersionsLimitExceededException"}
+ ]
+ },
"CreateResourceShare":{
"name":"CreateResourceShare",
"http":{
@@ -97,6 +139,43 @@
{"shape":"ServiceUnavailableException"}
]
},
+ "DeletePermission":{
+ "name":"DeletePermission",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/deletepermission"
+ },
+ "input":{"shape":"DeletePermissionRequest"},
+ "output":{"shape":"DeletePermissionResponse"},
+ "errors":[
+ {"shape":"MalformedArnException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"OperationNotPermittedException"},
+ {"shape":"UnknownResourceException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"IdempotentParameterMismatchException"}
+ ]
+ },
+ "DeletePermissionVersion":{
+ "name":"DeletePermissionVersion",
+ "http":{
+ "method":"DELETE",
+ "requestUri":"/deletepermissionversion"
+ },
+ "input":{"shape":"DeletePermissionVersionRequest"},
+ "output":{"shape":"DeletePermissionVersionResponse"},
+ "errors":[
+ {"shape":"MalformedArnException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"OperationNotPermittedException"},
+ {"shape":"UnknownResourceException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"IdempotentParameterMismatchException"}
+ ]
+ },
"DeleteResourceShare":{
"name":"DeleteResourceShare",
"http":{
@@ -279,6 +358,22 @@
{"shape":"ResourceShareInvitationExpiredException"}
]
},
+ "ListPermissionAssociations":{
+ "name":"ListPermissionAssociations",
+ "http":{
+ "method":"POST",
+ "requestUri":"/listpermissionassociations"
+ },
+ "input":{"shape":"ListPermissionAssociationsRequest"},
+ "output":{"shape":"ListPermissionAssociationsResponse"},
+ "errors":[
+ {"shape":"InvalidParameterException"},
+ {"shape":"MalformedArnException"},
+ {"shape":"InvalidNextTokenException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"}
+ ]
+ },
"ListPermissionVersions":{
"name":"ListPermissionVersions",
"http":{
@@ -330,6 +425,21 @@
{"shape":"ServiceUnavailableException"}
]
},
+ "ListReplacePermissionAssociationsWork":{
+ "name":"ListReplacePermissionAssociationsWork",
+ "http":{
+ "method":"POST",
+ "requestUri":"/listreplacepermissionassociationswork"
+ },
+ "input":{"shape":"ListReplacePermissionAssociationsWorkRequest"},
+ "output":{"shape":"ListReplacePermissionAssociationsWorkResponse"},
+ "errors":[
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"InvalidNextTokenException"},
+ {"shape":"InvalidParameterException"}
+ ]
+ },
"ListResourceSharePermissions":{
"name":"ListResourceSharePermissions",
"http":{
@@ -381,6 +491,24 @@
{"shape":"ServiceUnavailableException"}
]
},
+ "PromotePermissionCreatedFromPolicy":{
+ "name":"PromotePermissionCreatedFromPolicy",
+ "http":{
+ "method":"POST",
+ "requestUri":"/promotepermissioncreatedfrompolicy"
+ },
+ "input":{"shape":"PromotePermissionCreatedFromPolicyRequest"},
+ "output":{"shape":"PromotePermissionCreatedFromPolicyResponse"},
+ "errors":[
+ {"shape":"MalformedArnException"},
+ {"shape":"OperationNotPermittedException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"MissingRequiredParameterException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"UnknownResourceException"}
+ ]
+ },
"PromoteResourceShareCreatedFromPolicy":{
"name":"PromoteResourceShareCreatedFromPolicy",
"http":{
@@ -397,7 +525,9 @@
{"shape":"MissingRequiredParameterException"},
{"shape":"ServerInternalException"},
{"shape":"ServiceUnavailableException"},
- {"shape":"UnknownResourceException"}
+ {"shape":"UnknownResourceException"},
+ {"shape":"InvalidStateTransitionException"},
+ {"shape":"UnmatchedPolicyPermissionException"}
]
},
"RejectResourceShareInvitation":{
@@ -421,6 +551,43 @@
{"shape":"IdempotentParameterMismatchException"}
]
},
+ "ReplacePermissionAssociations":{
+ "name":"ReplacePermissionAssociations",
+ "http":{
+ "method":"POST",
+ "requestUri":"/replacepermissionassociations"
+ },
+ "input":{"shape":"ReplacePermissionAssociationsRequest"},
+ "output":{"shape":"ReplacePermissionAssociationsResponse"},
+ "errors":[
+ {"shape":"MalformedArnException"},
+ {"shape":"InvalidParameterException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"OperationNotPermittedException"},
+ {"shape":"UnknownResourceException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"IdempotentParameterMismatchException"}
+ ]
+ },
+ "SetDefaultPermissionVersion":{
+ "name":"SetDefaultPermissionVersion",
+ "http":{
+ "method":"POST",
+ "requestUri":"/setdefaultpermissionversion"
+ },
+ "input":{"shape":"SetDefaultPermissionVersionRequest"},
+ "output":{"shape":"SetDefaultPermissionVersionResponse"},
+ "errors":[
+ {"shape":"InvalidParameterException"},
+ {"shape":"MalformedArnException"},
+ {"shape":"ServerInternalException"},
+ {"shape":"ServiceUnavailableException"},
+ {"shape":"UnknownResourceException"},
+ {"shape":"InvalidClientTokenException"},
+ {"shape":"IdempotentParameterMismatchException"}
+ ]
+ },
"TagResource":{
"name":"TagResource",
"http":{
@@ -449,7 +616,9 @@
"input":{"shape":"UntagResourceRequest"},
"output":{"shape":"UntagResourceResponse"},
"errors":[
+ {"shape":"UnknownResourceException"},
{"shape":"InvalidParameterException"},
+ {"shape":"MalformedArnException"},
{"shape":"ServerInternalException"},
{"shape":"ServiceUnavailableException"}
]
@@ -529,7 +698,65 @@
"clientToken":{"shape":"String"}
}
},
+ "AssociatedPermission":{
+ "type":"structure",
+ "members":{
+ "arn":{"shape":"String"},
+ "permissionVersion":{"shape":"String"},
+ "defaultVersion":{"shape":"Boolean"},
+ "resourceType":{"shape":"String"},
+ "status":{"shape":"String"},
+ "featureSet":{"shape":"PermissionFeatureSet"},
+ "lastUpdatedTime":{"shape":"DateTime"},
+ "resourceShareArn":{"shape":"String"}
+ }
+ },
+ "AssociatedPermissionList":{
+ "type":"list",
+ "member":{"shape":"AssociatedPermission"}
+ },
"Boolean":{"type":"boolean"},
+ "CreatePermissionRequest":{
+ "type":"structure",
+ "required":[
+ "name",
+ "resourceType",
+ "policyTemplate"
+ ],
+ "members":{
+ "name":{"shape":"PermissionName"},
+ "resourceType":{"shape":"String"},
+ "policyTemplate":{"shape":"Policy"},
+ "clientToken":{"shape":"String"},
+ "tags":{"shape":"TagList"}
+ }
+ },
+ "CreatePermissionResponse":{
+ "type":"structure",
+ "members":{
+ "permission":{"shape":"ResourceSharePermissionSummary"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "CreatePermissionVersionRequest":{
+ "type":"structure",
+ "required":[
+ "permissionArn",
+ "policyTemplate"
+ ],
+ "members":{
+ "permissionArn":{"shape":"String"},
+ "policyTemplate":{"shape":"Policy"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "CreatePermissionVersionResponse":{
+ "type":"structure",
+ "members":{
+ "permission":{"shape":"ResourceSharePermissionDetail"},
+ "clientToken":{"shape":"String"}
+ }
+ },
"CreateResourceShareRequest":{
"type":"structure",
"required":["name"],
@@ -551,6 +778,62 @@
}
},
"DateTime":{"type":"timestamp"},
+ "DeletePermissionRequest":{
+ "type":"structure",
+ "required":["permissionArn"],
+ "members":{
+ "permissionArn":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"permissionArn"
+ },
+ "clientToken":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"clientToken"
+ }
+ }
+ },
+ "DeletePermissionResponse":{
+ "type":"structure",
+ "members":{
+ "returnValue":{"shape":"Boolean"},
+ "clientToken":{"shape":"String"},
+ "permissionStatus":{"shape":"PermissionStatus"}
+ }
+ },
+ "DeletePermissionVersionRequest":{
+ "type":"structure",
+ "required":[
+ "permissionArn",
+ "permissionVersion"
+ ],
+ "members":{
+ "permissionArn":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"permissionArn"
+ },
+ "permissionVersion":{
+ "shape":"Integer",
+ "location":"querystring",
+ "locationName":"permissionVersion"
+ },
+ "clientToken":{
+ "shape":"String",
+ "location":"querystring",
+ "locationName":"clientToken"
+ }
+ }
+ },
+ "DeletePermissionVersionResponse":{
+ "type":"structure",
+ "members":{
+ "returnValue":{"shape":"Boolean"},
+ "clientToken":{"shape":"String"},
+ "permissionStatus":{"shape":"PermissionStatus"}
+ }
+ },
"DeleteResourceShareRequest":{
"type":"structure",
"required":["resourceShareArn"],
@@ -699,7 +982,8 @@
"tagFilters":{"shape":"TagFilters"},
"nextToken":{"shape":"String"},
"maxResults":{"shape":"MaxResults"},
- "permissionArn":{"shape":"String"}
+ "permissionArn":{"shape":"String"},
+ "permissionVersion":{"shape":"Integer"}
}
},
"GetResourceSharesResponse":{
@@ -755,6 +1039,15 @@
"error":{"httpStatusCode":400},
"exception":true
},
+ "InvalidPolicyException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":400},
+ "exception":true
+ },
"InvalidResourceTypeException":{
"type":"structure",
"required":["message"],
@@ -790,6 +1083,26 @@
"nextToken":{"shape":"String"}
}
},
+ "ListPermissionAssociationsRequest":{
+ "type":"structure",
+ "members":{
+ "permissionArn":{"shape":"String"},
+ "permissionVersion":{"shape":"Integer"},
+ "associationStatus":{"shape":"ResourceShareAssociationStatus"},
+ "resourceType":{"shape":"String"},
+ "featureSet":{"shape":"PermissionFeatureSet"},
+ "defaultVersion":{"shape":"Boolean"},
+ "nextToken":{"shape":"String"},
+ "maxResults":{"shape":"MaxResults"}
+ }
+ },
+ "ListPermissionAssociationsResponse":{
+ "type":"structure",
+ "members":{
+ "permissions":{"shape":"AssociatedPermissionList"},
+ "nextToken":{"shape":"String"}
+ }
+ },
"ListPermissionVersionsRequest":{
"type":"structure",
"required":["permissionArn"],
@@ -811,7 +1124,8 @@
"members":{
"resourceType":{"shape":"String"},
"nextToken":{"shape":"String"},
- "maxResults":{"shape":"MaxResults"}
+ "maxResults":{"shape":"MaxResults"},
+ "permissionType":{"shape":"PermissionTypeFilter"}
}
},
"ListPermissionsResponse":{
@@ -841,6 +1155,22 @@
"nextToken":{"shape":"String"}
}
},
+ "ListReplacePermissionAssociationsWorkRequest":{
+ "type":"structure",
+ "members":{
+ "workIds":{"shape":"ReplacePermissionAssociationsWorkIdList"},
+ "status":{"shape":"ReplacePermissionAssociationsWorkStatus"},
+ "nextToken":{"shape":"String"},
+ "maxResults":{"shape":"MaxResults"}
+ }
+ },
+ "ListReplacePermissionAssociationsWorkResponse":{
+ "type":"structure",
+ "members":{
+ "replacePermissionAssociationsWorks":{"shape":"ReplacePermissionAssociationsWorkList"},
+ "nextToken":{"shape":"String"}
+ }
+ },
"ListResourceSharePermissionsRequest":{
"type":"structure",
"required":["resourceShareArn"],
@@ -902,6 +1232,15 @@
"error":{"httpStatusCode":400},
"exception":true
},
+ "MalformedPolicyTemplateException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":400},
+ "exception":true
+ },
"MaxResults":{
"type":"integer",
"max":500,
@@ -925,10 +1264,75 @@
"error":{"httpStatusCode":400},
"exception":true
},
+ "PermissionAlreadyExistsException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":409},
+ "exception":true
+ },
"PermissionArnList":{
"type":"list",
"member":{"shape":"String"}
},
+ "PermissionFeatureSet":{
+ "type":"string",
+ "enum":[
+ "CREATED_FROM_POLICY",
+ "PROMOTING_TO_STANDARD",
+ "STANDARD"
+ ]
+ },
+ "PermissionLimitExceededException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":400},
+ "exception":true
+ },
+ "PermissionName":{
+ "type":"string",
+ "max":36,
+ "min":1,
+ "pattern":"[\\w.-]*"
+ },
+ "PermissionStatus":{
+ "type":"string",
+ "enum":[
+ "ATTACHABLE",
+ "UNATTACHABLE",
+ "DELETING",
+ "DELETED"
+ ]
+ },
+ "PermissionType":{
+ "type":"string",
+ "enum":[
+ "CUSTOMER_MANAGED",
+ "AWS_MANAGED"
+ ]
+ },
+ "PermissionTypeFilter":{
+ "type":"string",
+ "enum":[
+ "ALL",
+ "AWS_MANAGED",
+ "CUSTOMER_MANAGED"
+ ]
+ },
+ "PermissionVersionsLimitExceededException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":400},
+ "exception":true
+ },
"Policy":{"type":"string"},
"PolicyList":{
"type":"list",
@@ -952,6 +1356,25 @@
"type":"list",
"member":{"shape":"Principal"}
},
+ "PromotePermissionCreatedFromPolicyRequest":{
+ "type":"structure",
+ "required":[
+ "permissionArn",
+ "name"
+ ],
+ "members":{
+ "permissionArn":{"shape":"String"},
+ "name":{"shape":"String"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "PromotePermissionCreatedFromPolicyResponse":{
+ "type":"structure",
+ "members":{
+ "permission":{"shape":"ResourceSharePermissionSummary"},
+ "clientToken":{"shape":"String"}
+ }
+ },
"PromoteResourceShareCreatedFromPolicyRequest":{
"type":"structure",
"required":["resourceShareArn"],
@@ -984,6 +1407,56 @@
"clientToken":{"shape":"String"}
}
},
+ "ReplacePermissionAssociationsRequest":{
+ "type":"structure",
+ "required":[
+ "fromPermissionArn",
+ "toPermissionArn"
+ ],
+ "members":{
+ "fromPermissionArn":{"shape":"String"},
+ "fromPermissionVersion":{"shape":"Integer"},
+ "toPermissionArn":{"shape":"String"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "ReplacePermissionAssociationsResponse":{
+ "type":"structure",
+ "members":{
+ "replacePermissionAssociationsWork":{"shape":"ReplacePermissionAssociationsWork"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "ReplacePermissionAssociationsWork":{
+ "type":"structure",
+ "members":{
+ "id":{"shape":"String"},
+ "fromPermissionArn":{"shape":"String"},
+ "fromPermissionVersion":{"shape":"String"},
+ "toPermissionArn":{"shape":"String"},
+ "toPermissionVersion":{"shape":"String"},
+ "status":{"shape":"ReplacePermissionAssociationsWorkStatus"},
+ "statusMessage":{"shape":"String"},
+ "creationTime":{"shape":"DateTime"},
+ "lastUpdatedTime":{"shape":"DateTime"}
+ }
+ },
+ "ReplacePermissionAssociationsWorkIdList":{
+ "type":"list",
+ "member":{"shape":"String"}
+ },
+ "ReplacePermissionAssociationsWorkList":{
+ "type":"list",
+ "member":{"shape":"ReplacePermissionAssociationsWork"}
+ },
+ "ReplacePermissionAssociationsWorkStatus":{
+ "type":"string",
+ "enum":[
+ "IN_PROGRESS",
+ "COMPLETED",
+ "FAILED"
+ ]
+ },
"Resource":{
"type":"structure",
"members":{
@@ -1194,7 +1667,11 @@
"permission":{"shape":"String"},
"creationTime":{"shape":"DateTime"},
"lastUpdatedTime":{"shape":"DateTime"},
- "isResourceTypeDefault":{"shape":"Boolean"}
+ "isResourceTypeDefault":{"shape":"Boolean"},
+ "permissionType":{"shape":"PermissionType"},
+ "featureSet":{"shape":"PermissionFeatureSet"},
+ "status":{"shape":"PermissionStatus"},
+ "tags":{"shape":"TagList"}
}
},
"ResourceSharePermissionList":{
@@ -1212,7 +1689,10 @@
"status":{"shape":"String"},
"creationTime":{"shape":"DateTime"},
"lastUpdatedTime":{"shape":"DateTime"},
- "isResourceTypeDefault":{"shape":"Boolean"}
+ "isResourceTypeDefault":{"shape":"Boolean"},
+ "permissionType":{"shape":"PermissionType"},
+ "featureSet":{"shape":"PermissionFeatureSet"},
+ "tags":{"shape":"TagList"}
}
},
"ResourceShareStatus":{
@@ -1265,6 +1745,25 @@
"error":{"httpStatusCode":503},
"exception":true
},
+ "SetDefaultPermissionVersionRequest":{
+ "type":"structure",
+ "required":[
+ "permissionArn",
+ "permissionVersion"
+ ],
+ "members":{
+ "permissionArn":{"shape":"String"},
+ "permissionVersion":{"shape":"Integer"},
+ "clientToken":{"shape":"String"}
+ }
+ },
+ "SetDefaultPermissionVersionResponse":{
+ "type":"structure",
+ "members":{
+ "returnValue":{"shape":"Boolean"},
+ "clientToken":{"shape":"String"}
+ }
+ },
"String":{"type":"string"},
"Tag":{
"type":"structure",
@@ -1313,13 +1812,11 @@
},
"TagResourceRequest":{
"type":"structure",
- "required":[
- "resourceShareArn",
- "tags"
- ],
+ "required":["tags"],
"members":{
"resourceShareArn":{"shape":"String"},
- "tags":{"shape":"TagList"}
+ "tags":{"shape":"TagList"},
+ "resourceArn":{"shape":"String"}
}
},
"TagResourceResponse":{
@@ -1350,15 +1847,22 @@
"error":{"httpStatusCode":400},
"exception":true
},
+ "UnmatchedPolicyPermissionException":{
+ "type":"structure",
+ "required":["message"],
+ "members":{
+ "message":{"shape":"String"}
+ },
+ "error":{"httpStatusCode":400},
+ "exception":true
+ },
"UntagResourceRequest":{
"type":"structure",
- "required":[
- "resourceShareArn",
- "tagKeys"
- ],
+ "required":["tagKeys"],
"members":{
"resourceShareArn":{"shape":"String"},
- "tagKeys":{"shape":"TagKeyList"}
+ "tagKeys":{"shape":"TagKeyList"},
+ "resourceArn":{"shape":"String"}
}
},
"UntagResourceResponse":{
diff --git a/models/apis/ram/2018-01-04/docs-2.json b/models/apis/ram/2018-01-04/docs-2.json
index b1dee0db303..32963186693 100644
--- a/models/apis/ram/2018-01-04/docs-2.json
+++ b/models/apis/ram/2018-01-04/docs-2.json
@@ -1,31 +1,40 @@
{
"version": "2.0",
- "service": "This is the Resource Access Manager API Reference. This documentation provides descriptions and syntax for each of the actions and data types in RAM. RAM is a service that helps you securely share your Amazon Web Services resources across Amazon Web Services accounts. If you have multiple Amazon Web Services accounts, you can use RAM to share those resources with other accounts. If you use Organizations to manage your accounts, then you share your resources with your organization or organizational units (OUs). For supported resource types, you can also share resources with individual Identity and Access Management (IAM) roles an users.
To learn more about RAM, see the following resources:
",
+ "service": "This is the Resource Access Manager API Reference. This documentation provides descriptions and syntax for each of the actions and data types in RAM. RAM is a service that helps you securely share your Amazon Web Services resources to other Amazon Web Services accounts. If you use Organizations to manage your accounts, then you can share your resources with your entire organization or to organizational units (OUs). For supported resource types, you can also share resources with individual Identity and Access Management (IAM) roles and users.
To learn more about RAM, see the following resources:
",
"operations": {
"AcceptResourceShareInvitation": "Accepts an invitation to a resource share from another Amazon Web Services account. After you accept the invitation, the resources included in the resource share are available to interact with in the relevant Amazon Web Services Management Consoles and tools.
",
"AssociateResourceShare": "Adds the specified list of principals and list of resources to a resource share. Principals that already have access to this resource share immediately receive access to the added resources. Newly added principals immediately receive access to the resources shared in this resource share.
",
"AssociateResourceSharePermission": "Adds or replaces the RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new RAM permission only if there are currently no resources of that resource type currently in the resource share.
",
+ "CreatePermission": "Creates a customer managed permission for a specified resource type that you can attach to resource shares. It is created in the Amazon Web Services Region in which you call the operation.
",
+ "CreatePermissionVersion": "Creates a new version of the specified customer managed permission. The new version is automatically set as the default version of the customer managed permission. New resource shares automatically use the default permission. Existing resource shares continue to use their original permission versions, but you can use ReplacePermissionAssociations to update them.
If the specified customer managed permission already has the maximum of 5 versions, then you must delete one of the existing versions before you can create a new one.
",
"CreateResourceShare": "Creates a resource share. You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.
Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.
",
- "DeleteResourceShare": "Deletes the specified resource share. This doesn't delete any of the resources that were associated with the resource share; it only stops the sharing of those resources outside of the Amazon Web Services account that created them.
",
- "DisassociateResourceShare": "Disassociates the specified principals or resources from the specified resource share.
",
- "DisassociateResourceSharePermission": "Disassociates an RAM permission from a resource share. Permission changes take effect immediately. You can remove a RAM permission from a resource share only if there are currently no resources of the relevant resource type currently attached to the resource share.
",
- "EnableSharingWithAwsOrganization": "Enables resource sharing within your organization in Organizations. Calling this operation enables RAM to retrieve information about the organization and its structure. This lets you share resources with all of the accounts in an organization by specifying the organization's ID, or all of the accounts in an organizational unit (OU) by specifying the OU's ID. Until you enable sharing within the organization, you can specify only individual Amazon Web Services accounts, or for supported resource types, IAM users and roles.
You must call this operation from an IAM user or role in the organization's management account.
",
- "GetPermission": "Gets the contents of an RAM permission in JSON format.
",
+ "DeletePermission": "Deletes the specified customer managed permission in the Amazon Web Services Region in which you call this operation. You can delete a customer managed permission only if it isn't attached to any resource share. The operation deletes all versions associated with the customer managed permission.
",
+ "DeletePermissionVersion": "Deletes one version of a customer managed permission. The version you specify must not be attached to any resource share and must not be the default version for the permission.
If a customer managed permission has the maximum of 5 versions, then you must delete at least one version before you can create another.
",
+ "DeleteResourceShare": "Deletes the specified resource share.
This doesn't delete any of the resources that were associated with the resource share; it only stops the sharing of those resources through this resource share.
",
+ "DisassociateResourceShare": "Removes the specified principals or resources from participating in the specified resource share.
",
+ "DisassociateResourceSharePermission": "Removes a managed permission from a resource share. Permission changes take effect immediately. You can remove a managed permission from a resource share only if there are currently no resources of the relevant resource type currently attached to the resource share.
",
+ "EnableSharingWithAwsOrganization": "Enables resource sharing within your organization in Organizations. This operation creates a service-linked role called AWSServiceRoleForResourceAccessManager that has the IAM managed policy named AWSResourceAccessManagerServiceRolePolicy attached. This role permits RAM to retrieve information about the organization and its structure. This lets you share resources with all of the accounts in the calling account's organization by specifying the organization ID, or all of the accounts in an organizational unit (OU) by specifying the OU ID. Until you enable sharing within the organization, you can specify only individual Amazon Web Services accounts, or for supported resource types, IAM roles and users.
You must call this operation from an IAM role or user in the organization's management account.
",
+ "GetPermission": "Retrieves the contents of a managed permission in JSON format.
",
"GetResourcePolicies": "Retrieves the resource policies for the specified resources that you own and have shared.
",
- "GetResourceShareAssociations": "Retrieves the resource and principal associations for resource shares that you own.
",
+ "GetResourceShareAssociations": "Retrieves the lists of resources and principals that associated for resource shares that you own.
",
"GetResourceShareInvitations": "Retrieves details about invitations that you have received for resource shares.
",
"GetResourceShares": "Retrieves details about the resource shares that you own or that are shared with you.
",
"ListPendingInvitationResources": "Lists the resources in a resource share that is shared with you but for which the invitation is still PENDING. That means that you haven't accepted or rejected the invitation and the invitation hasn't expired.
",
+ "ListPermissionAssociations": "Lists information about the managed permission and its associations to any resource shares that use this managed permission. This lets you see which resource shares use which versions of the specified managed permission.
",
"ListPermissionVersions": "Lists the available versions of the specified RAM permission.
",
"ListPermissions": "Retrieves a list of available RAM permissions that you can use for the supported resource types.
",
"ListPrincipals": "Lists the principals that you are sharing resources with or that are sharing resources with you.
",
+ "ListReplacePermissionAssociationsWork": "Retrieves the current status of the asynchronous tasks performed by RAM when you perform the ReplacePermissionAssociationsWork operation.
",
"ListResourceSharePermissions": "Lists the RAM permissions that are associated with a resource share.
",
"ListResourceTypes": "Lists the resource types that can be shared by RAM.
",
"ListResources": "Lists the resources that you added to a resource share or the resources that are shared with you.
",
- "PromoteResourceShareCreatedFromPolicy": "When you attach a resource-based permission policy to a resource, it automatically creates a resource share. However, resource shares created this way are visible only to the resource share owner, and the resource share can't be modified in RAM.
You can use this operation to promote the resource share to a full RAM resource share. When you promote a resource share, you can then manage the resource share in RAM and it becomes visible to all of the principals you shared it with.
",
+ "PromotePermissionCreatedFromPolicy": "When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy. However, this type of managed permission is visible to only the resource share owner, and the associated resource share can't be modified by using RAM.
This operation creates a separate, fully manageable customer managed permission that has the same IAM permissions as the original resource-based policy. You can associate this customer managed permission to any resource shares.
Before you use PromoteResourceShareCreatedFromPolicy, you should first run this operation to ensure that you have an appropriate customer managed permission that can be associated with the promoted resource share.
-
The original CREATED_FROM_POLICY policy isn't deleted, and resource shares using that original policy aren't automatically updated.
-
You can't modify a CREATED_FROM_POLICY resource share so you can't associate the new customer managed permission by using ReplacePermsissionAssociations. However, if you use PromoteResourceShareCreatedFromPolicy, that operation automatically associates the fully manageable customer managed permission to the newly promoted STANDARD resource share.
-
After you promote a resource share, if the original CREATED_FROM_POLICY managed permission has no other associations to A resource share, then RAM automatically deletes it.
",
+ "PromoteResourceShareCreatedFromPolicy": "When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy. However, this type of managed permission is visible to only the resource share owner, and the associated resource share can't be modified by using RAM.
This operation promotes the resource share to a STANDARD resource share that is fully manageable in RAM. When you promote a resource share, you can then manage the resource share in RAM and it becomes visible to all of the principals you shared it with.
Before you perform this operation, you should first run PromotePermissionCreatedFromPolicyto ensure that you have an appropriate customer managed permission that can be associated with this resource share after its is promoted. If this operation can't find a managed permission that exactly matches the existing CREATED_FROM_POLICY permission, then this operation fails.
",
"RejectResourceShareInvitation": "Rejects an invitation to a resource share from another Amazon Web Services account.
",
- "TagResource": "Adds the specified tag keys and values to the specified resource share. The tags are attached only to the resource share, not to the resources that are in the resource share.
",
- "UntagResource": "Removes the specified tag key and value pairs from the specified resource share.
",
+ "ReplacePermissionAssociations": "Updates all resource shares that use a managed permission to a different managed permission. This operation always applies the default version of the target managed permission. You can optionally specify that the update applies to only resource shares that currently use a specified version. This enables you to update to the latest version, without changing the which managed permission is used.
You can use this operation to update all of your resource shares to use the current default version of the permission by specifying the same value for the fromPermissionArn and toPermissionArn parameters.
You can use the optional fromPermissionVersion parameter to update only those resources that use a specified version of the managed permission to the new managed permission.
To successfully perform this operation, you must have permission to update the resource-based policy on all affected resource types.
",
+ "SetDefaultPermissionVersion": "Designates the specified version number as the default version for the specified customer managed permission. New resource shares automatically use this new default permission. Existing resource shares continue to use their original permission version, but you can use ReplacePermissionAssociations to update them.
",
+ "TagResource": "Adds the specified tag keys and values to a resource share or managed permission. If you choose a resource share, the tags are attached to only the resource share, not to the resources that are in the resource share.
The tags on a managed permission are the same for all versions of the managed permission.
",
+ "UntagResource": "Removes the specified tag key and value pairs from the specified resource share or managed permission.
",
"UpdateResourceShare": "Modifies some of the properties of the specified resource share.
"
},
"shapes": {
@@ -59,26 +68,63 @@
"refs": {
}
},
+ "AssociatedPermission": {
+ "base": "An object that describes a managed permission associated with a resource share.
",
+ "refs": {
+ "AssociatedPermissionList$member": null
+ }
+ },
+ "AssociatedPermissionList": {
+ "base": null,
+ "refs": {
+ "ListPermissionAssociationsResponse$permissions": "A structure with information about this customer managed permission.
"
+ }
+ },
"Boolean": {
"base": null,
"refs": {
- "AssociateResourceSharePermissionRequest$replace": "Specifies whether the specified permission should replace or add to the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to the current permission. The default value is false.
A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.
",
+ "AssociateResourceSharePermissionRequest$replace": "Specifies whether the specified permission should replace the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to a resource share that currently doesn't have a permission. The default value is false.
A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.
",
"AssociateResourceSharePermissionResponse$returnValue": "A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
",
+ "AssociatedPermission$defaultVersion": "Indicates whether the associated resource share is using the default version of the permission.
",
"CreateResourceShareRequest$allowExternalPrincipals": "Specifies whether principals outside your organization in Organizations can be associated with a resource share. A value of true lets you share with individual Amazon Web Services accounts that are not in your organization. A value of false only has meaning if your account is a member of an Amazon Web Services Organization. The default value is true.
",
+ "DeletePermissionResponse$returnValue": "A boolean that indicates whether the delete operations succeeded.
",
+ "DeletePermissionVersionResponse$returnValue": "A boolean value that indicates whether the operation is successful.
",
"DeleteResourceShareResponse$returnValue": "A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
",
"DisassociateResourceSharePermissionResponse$returnValue": "A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
",
"EnableSharingWithAwsOrganizationResponse$returnValue": "A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
",
- "Principal$external": "Indicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.
",
+ "ListPermissionAssociationsRequest$defaultVersion": "When true, specifies that you want to list only those associations with resource shares that use the default version of the specified managed permission.
When false (the default value), lists associations with resource shares that use any version of the specified managed permission.
",
+ "Principal$external": "Indicates the relationship between the Amazon Web Services account the principal belongs to and the account that owns the resource share:
",
"PromoteResourceShareCreatedFromPolicyResponse$returnValue": "A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
",
- "ResourceShare$allowExternalPrincipals": "Indicates whether principals outside your organization in Organizations can be associated with a resource share.
",
+ "ResourceShare$allowExternalPrincipals": "Indicates whether principals outside your organization in Organizations can be associated with a resource share.
-
True – the resource share can be shared with any Amazon Web Services account.
-
False – the resource share can be shared with only accounts in the same organization as the account that owns the resource share.
",
"ResourceShareAssociation$external": "Indicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.
",
- "ResourceSharePermissionDetail$defaultVersion": "Specifies whether the version of the permission represented in this structure is the default version for this permission.
",
- "ResourceSharePermissionDetail$isResourceTypeDefault": "Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.
",
- "ResourceSharePermissionSummary$defaultVersion": "Specifies whether the version of the permission represented in this structure is the default version for this permission.
",
- "ResourceSharePermissionSummary$isResourceTypeDefault": "Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.
",
+ "ResourceSharePermissionDetail$defaultVersion": "Specifies whether the version of the permission represented in this response is the default version for this permission.
",
+ "ResourceSharePermissionDetail$isResourceTypeDefault": "Specifies whether the version of the permission represented in this response is the default version for all resources of this resource type.
",
+ "ResourceSharePermissionSummary$defaultVersion": "Specifies whether the version of the managed permission used by this resource share is the default version for this managed permission.
",
+ "ResourceSharePermissionSummary$isResourceTypeDefault": "Specifies whether the managed permission associated with this resource share is the default managed permission for all resources of this resource type.
",
+ "SetDefaultPermissionVersionResponse$returnValue": "A boolean value that indicates whether the operation was successful.
",
"UpdateResourceShareRequest$allowExternalPrincipals": "Specifies whether principals outside your organization in Organizations can be associated with a resource share.
"
}
},
+ "CreatePermissionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreatePermissionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreatePermissionVersionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "CreatePermissionVersionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"CreateResourceShareRequest": {
"base": null,
"refs": {
@@ -92,10 +138,13 @@
"DateTime": {
"base": null,
"refs": {
+ "AssociatedPermission$lastUpdatedTime": "The date and time when the association between the permission and the resource share was last updated.
",
"Principal$creationTime": "The date and time when the principal was associated with the resource share.
",
- "Principal$lastUpdatedTime": "The date and time when the association was last updated.
",
+ "Principal$lastUpdatedTime": "The date and time when the association between the resource share and the principal was last updated.
",
+ "ReplacePermissionAssociationsWork$creationTime": "The date and time when this asynchronous background task was created.
",
+ "ReplacePermissionAssociationsWork$lastUpdatedTime": "The date and time when the status of this background task was last updated.
",
"Resource$creationTime": "The date and time when the resource was associated with the resource share.
",
- "Resource$lastUpdatedTime": "The date an time when the association was last updated.
",
+ "Resource$lastUpdatedTime": "The date an time when the association between the resource and the resource share was last updated.
",
"ResourceShare$creationTime": "The date and time when the resource share was created.
",
"ResourceShare$lastUpdatedTime": "The date and time when the resource share was last updated.
",
"ResourceShareAssociation$creationTime": "The date and time when the association was created.
",
@@ -107,6 +156,26 @@
"ResourceSharePermissionSummary$lastUpdatedTime": "The date and time when the permission was last updated.
"
}
},
+ "DeletePermissionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeletePermissionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeletePermissionVersionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "DeletePermissionVersionResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"DeleteResourceShareRequest": {
"base": null,
"refs": {
@@ -198,44 +267,54 @@
}
},
"IdempotentParameterMismatchException": {
- "base": "The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
",
+ "base": "The operation failed because the client token input parameter matched one that was used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
",
"refs": {
}
},
"Integer": {
"base": null,
"refs": {
- "AssociateResourceSharePermissionRequest$permissionVersion": "Specifies the version of the RAM permission to associate with the resource share. If you don't specify this parameter, the operation uses the version designated as the default. You can use the ListPermissionVersions operation to discover the available versions of a permission.
",
- "GetPermissionRequest$permissionVersion": "Specifies identifier for the version of the RAM permission to retrieve. If you don't specify this parameter, the operation retrieves the default version.
"
+ "AssociateResourceSharePermissionRequest$permissionVersion": "Specifies the version of the RAM permission to associate with the resource share. You can specify only the version that is currently set as the default version for the permission. If you also set the replace pararameter to true, then this operation updates an outdated version of the permission to the current default version.
You don't need to specify this parameter because the default behavior is to use the version that is currently set as the default version for the permission. This parameter is supported for backwards compatibility.
",
+ "DeletePermissionVersionRequest$permissionVersion": "Specifies the version number to delete.
You can't delete the default version for a customer managed permission.
You can't delete a version if it's the only version of the permission. You must either first create another version, or delete the permission completely.
You can't delete a version if it is attached to any resource shares. If the version is the default, you must first use SetDefaultPermissionVersion to set a different version as the default for the customer managed permission, and then use AssociateResourceSharePermission to update your resource shares to use the new default version.
",
+ "GetPermissionRequest$permissionVersion": "Specifies the version number of the RAM permission to retrieve. If you don't specify this parameter, the operation retrieves the default version.
To see the list of available versions, use ListPermissionVersions.
",
+ "GetResourceSharesRequest$permissionVersion": "Specifies that you want to retrieve details for only those resource shares that use the specified version of the managed permission.
",
+ "ListPermissionAssociationsRequest$permissionVersion": "Specifies that you want to list only those associations with resource shares that use this version of the managed permission. If you don't provide a value for this parameter, then the operation returns information about associations with resource shares that use any version of the managed permission.
",
+ "ReplacePermissionAssociationsRequest$fromPermissionVersion": "Specifies that you want to updated the permissions for only those resource shares that use the specified version of the managed permission.
",
+ "SetDefaultPermissionVersionRequest$permissionVersion": "Specifies the version number that you want to designate as the default for customer managed permission. To see a list of all available version numbers, use ListPermissionVersions.
"
}
},
"InvalidClientTokenException": {
- "base": "The client token is not valid.
",
+ "base": "The operation failed because the specified client token isn't valid.
",
"refs": {
}
},
"InvalidMaxResultsException": {
- "base": "The specified value for MaxResults is not valid.
",
+ "base": "The operation failed because the specified value for MaxResults isn't valid.
",
"refs": {
}
},
"InvalidNextTokenException": {
- "base": "The specified value for NextToken is not valid.
",
+ "base": "The operation failed because the specified value for NextToken isn't valid. You must specify a value you received in the NextToken response of a previous call to this operation.
",
"refs": {
}
},
"InvalidParameterException": {
- "base": "A parameter is not valid.
",
+ "base": "The operation failed because a parameter you specified isn't valid.
",
+ "refs": {
+ }
+ },
+ "InvalidPolicyException": {
+ "base": "The operation failed because a policy you specified isn't valid.
",
"refs": {
}
},
"InvalidResourceTypeException": {
- "base": "The specified resource type is not valid.
",
+ "base": "The operation failed because the specified resource type isn't valid.
",
"refs": {
}
},
"InvalidStateTransitionException": {
- "base": "The requested state transition is not valid.
",
+ "base": "The operation failed because the requested operation isn't valid for the resource share in its current state.
",
"refs": {
}
},
@@ -249,6 +328,16 @@
"refs": {
}
},
+ "ListPermissionAssociationsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListPermissionAssociationsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"ListPermissionVersionsRequest": {
"base": null,
"refs": {
@@ -279,6 +368,16 @@
"refs": {
}
},
+ "ListReplacePermissionAssociationsWorkRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ListReplacePermissionAssociationsWorkResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"ListResourceSharePermissionsRequest": {
"base": null,
"refs": {
@@ -310,7 +409,12 @@
}
},
"MalformedArnException": {
- "base": "The format of an Amazon Resource Name (ARN) is not valid.
",
+ "base": "The operation failed because the specified Amazon Resource Name (ARN) has a format that isn't valid.
",
+ "refs": {
+ }
+ },
+ "MalformedPolicyTemplateException": {
+ "base": "The operation failed because the policy template that you provided isn't valid.
",
"refs": {
}
},
@@ -322,21 +426,28 @@
"GetResourceShareInvitationsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"GetResourceSharesRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListPendingInvitationResourcesRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
+ "ListPermissionAssociationsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListPermissionVersionsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListPermissionsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListPrincipalsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
+ "ListReplacePermissionAssociationsWorkRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListResourceSharePermissionsRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListResourceTypesRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
",
"ListResourcesRequest$maxResults": "Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
"
}
},
"MissingRequiredParameterException": {
- "base": "A required input parameter is missing.
",
+ "base": "The operation failed because a required input parameter is missing.
",
"refs": {
}
},
"OperationNotPermittedException": {
- "base": "The requested operation is not permitted.
",
+ "base": "The operation failed because the requested operation isn't permitted.
",
+ "refs": {
+ }
+ },
+ "PermissionAlreadyExistsException": {
+ "base": "The operation failed because a permission with the specified name already exists in the requested Amazon Web Services Region. Choose a different name.
",
"refs": {
}
},
@@ -346,9 +457,57 @@
"CreateResourceShareRequest$permissionArns": "Specifies the Amazon Resource Names (ARNs) of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.
"
}
},
+ "PermissionFeatureSet": {
+ "base": null,
+ "refs": {
+ "AssociatedPermission$featureSet": "Indicates what features are available for this resource share. This parameter can have one of the following values:
-
STANDARD – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs. This resource share might have been created by RAM, or it might have been CREATED_FROM_POLICY and then promoted.
-
CREATED_FROM_POLICY – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
-
PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY, but the customer ran the PromoteResourceShareCreatedFromPolicy and that operation is still in progress. This value changes to STANDARD when complete.
",
+ "ListPermissionAssociationsRequest$featureSet": "Specifies that you want to list only those associations with resource shares that have a featureSet with this value.
",
+ "ResourceSharePermissionDetail$featureSet": "Indicates what features are available for this resource share. This parameter can have one of the following values:
-
STANDARD – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs. This resource share might have been created by RAM, or it might have been CREATED_FROM_POLICY and then promoted.
-
CREATED_FROM_POLICY – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
-
PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY, but the customer ran the PromoteResourceShareCreatedFromPolicy and that operation is still in progress. This value changes to STANDARD when complete.
",
+ "ResourceSharePermissionSummary$featureSet": "Indicates what features are available for this resource share. This parameter can have one of the following values:
-
STANDARD – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs. This resource share might have been created by RAM, or it might have been CREATED_FROM_POLICY and then promoted.
-
CREATED_FROM_POLICY – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
-
PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY, but the customer ran the PromoteResourceShareCreatedFromPolicy and that operation is still in progress. This value changes to STANDARD when complete.
"
+ }
+ },
+ "PermissionLimitExceededException": {
+ "base": "The operation failed because it would exceed the maximum number of permissions you can create in each Amazon Web Services Region. To view the limits for your Amazon Web Services account, see the RAM page in the Service Quotas console.
",
+ "refs": {
+ }
+ },
+ "PermissionName": {
+ "base": null,
+ "refs": {
+ "CreatePermissionRequest$name": "Specifies the name of the customer managed permission. The name must be unique within the Amazon Web Services Region.
"
+ }
+ },
+ "PermissionStatus": {
+ "base": null,
+ "refs": {
+ "DeletePermissionResponse$permissionStatus": "This operation is performed asynchronously, and this response parameter indicates the current status.
",
+ "DeletePermissionVersionResponse$permissionStatus": "This operation is performed asynchronously, and this response parameter indicates the current status.
",
+ "ResourceSharePermissionDetail$status": "The current status of the association between the permission and the resource share. The following are the possible values:
-
ATTACHABLE – This permission or version can be associated with resource shares.
-
UNATTACHABLE – This permission or version can't currently be associated with resource shares.
-
DELETING – This permission or version is in the process of being deleted.
-
DELETED – This permission or version is deleted.
"
+ }
+ },
+ "PermissionType": {
+ "base": null,
+ "refs": {
+ "ResourceSharePermissionDetail$permissionType": "The type of managed permission. This can be one of the following values:
-
AWS_MANAGED – Amazon Web Services created and manages this managed permission. You can associate it with your resource shares, but you can't modify it.
-
CUSTOMER_MANAGED – You, or another principal in your account created this managed permission. You can associate it with your resource shares and create new versions that have different permissions.
",
+ "ResourceSharePermissionSummary$permissionType": "The type of managed permission. This can be one of the following values:
-
AWS_MANAGED – Amazon Web Services created and manages this managed permission. You can associate it with your resource shares, but you can't modify it.
-
CUSTOMER_MANAGED – You, or another principal in your account created this managed permission. You can associate it with your resource shares and create new versions that have different permissions.
"
+ }
+ },
+ "PermissionTypeFilter": {
+ "base": null,
+ "refs": {
+ "ListPermissionsRequest$permissionType": "Specifies that you want to list only permissions of this type:
-
AWS – returns only Amazon Web Services managed permissions.
-
LOCAL – returns only customer managed permissions
-
ALL – returns both Amazon Web Services managed permissions and customer managed permissions.
If you don't specify this parameter, the default is All.
"
+ }
+ },
+ "PermissionVersionsLimitExceededException": {
+ "base": "The operation failed because it would exceed the limit for the number of versions you can have for a permission. To view the limits for your Amazon Web Services account, see the RAM page in the Service Quotas console.
",
+ "refs": {
+ }
+ },
"Policy": {
"base": null,
"refs": {
+ "CreatePermissionRequest$policyTemplate": "A string in JSON format string that contains the following elements of a resource-based policy:
-
Effect: must be set to ALLOW.
-
Action: specifies the actions that are allowed by this customer managed permission. The list must contain only actions that are supported by the specified resource type. For a list of all actions supported by each resource type, see Actions, resources, and condition keys for Amazon Web Services services in the Identity and Access Management User Guide.
-
Condition: (optional) specifies conditional parameters that must evaluate to true when a user attempts an action for that action to be allowed. For more information about the Condition element, see IAM policies: Condition element in the Identity and Access Management User Guide.
This template can't include either the Resource or Principal elements. Those are both filled in by RAM when it instantiates the resource-based policy on each resource shared using this managed permission. The Resource comes from the ARN of the specific resource that you are sharing. The Principal comes from the list of identities added to the resource share.
",
+ "CreatePermissionVersionRequest$policyTemplate": "A string in JSON format string that contains the following elements of a resource-based policy:
-
Effect: must be set to ALLOW.
-
Action: specifies the actions that are allowed by this customer managed permission. The list must contain only actions that are supported by the specified resource type. For a list of all actions supported by each resource type, see Actions, resources, and condition keys for Amazon Web Services services in the Identity and Access Management User Guide.
-
Condition: (optional) specifies conditional parameters that must evaluate to true when a user attempts an action for that action to be allowed. For more information about the Condition element, see IAM policies: Condition element in the Identity and Access Management User Guide.
This template can't include either the Resource or Principal elements. Those are both filled in by RAM when it instantiates the resource-based policy on each resource shared using this managed permission. The Resource comes from the ARN of the specific resource that you are sharing. The Principal comes from the list of identities added to the resource share.
",
"PolicyList$member": null
}
},
@@ -367,10 +526,10 @@
"PrincipalArnOrIdList": {
"base": null,
"refs": {
- "AssociateResourceShareRequest$principals": "Specifies a list of principals to whom you want to the resource share. This can be null if you want to add only resources.
What the principals can do with the resources in the share is determined by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
- "CreateResourceShareRequest$principals": "Specifies a list of one or more principals to associate with the resource share.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
- "DisassociateResourceShareRequest$principals": "Specifies a list of one or more principals that no longer are to have access to the resources in this resource share.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
- "ListPrincipalsRequest$principals": "Specifies that you want to list information for only the listed principals.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
"
+ "AssociateResourceShareRequest$principals": "Specifies a list of principals to whom you want to the resource share. This can be null if you want to add only resources.
What the principals can do with the resources in the share is determined by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
+ "CreateResourceShareRequest$principals": "Specifies a list of one or more principals to associate with the resource share.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
+ "DisassociateResourceShareRequest$principals": "Specifies a list of one or more principals that no longer are to have access to the resources in this resource share.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
",
+ "ListPrincipalsRequest$principals": "Specifies that you want to list information for only the listed principals.
You can include the following values:
-
An Amazon Web Services account ID, for example: 123456789012
-
An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
-
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
-
An ARN of an IAM role, for example: iam::123456789012:role/rolename
-
An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.
"
}
},
"PrincipalList": {
@@ -379,6 +538,16 @@
"ListPrincipalsResponse$principals": "An array of objects that contain the details about the principals.
"
}
},
+ "PromotePermissionCreatedFromPolicyRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "PromotePermissionCreatedFromPolicyResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
"PromoteResourceShareCreatedFromPolicyRequest": {
"base": null,
"refs": {
@@ -399,6 +568,42 @@
"refs": {
}
},
+ "ReplacePermissionAssociationsRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ReplacePermissionAssociationsResponse": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "ReplacePermissionAssociationsWork": {
+ "base": "A structure that represents the background work that RAM performs when you invoke the ReplacePermissionAssociations operation.
",
+ "refs": {
+ "ReplacePermissionAssociationsResponse$replacePermissionAssociationsWork": "Specifies a data structure that you can use to track the asynchronous tasks that RAM performs to complete this operation. You can use the ListReplacePermissionAssociationsWork operation and pass the id value returned in this structure.
",
+ "ReplacePermissionAssociationsWorkList$member": null
+ }
+ },
+ "ReplacePermissionAssociationsWorkIdList": {
+ "base": null,
+ "refs": {
+ "ListReplacePermissionAssociationsWorkRequest$workIds": "A list of IDs. These values come from the idfield of the replacePermissionAssociationsWorkstructure returned by the ReplacePermissionAssociations operation.
"
+ }
+ },
+ "ReplacePermissionAssociationsWorkList": {
+ "base": null,
+ "refs": {
+ "ListReplacePermissionAssociationsWorkResponse$replacePermissionAssociationsWorks": "An array of data structures that provide details of the matching work IDs.
"
+ }
+ },
+ "ReplacePermissionAssociationsWorkStatus": {
+ "base": null,
+ "refs": {
+ "ListReplacePermissionAssociationsWorkRequest$status": "Specifies that you want to see only the details about requests with a status that matches this value.
",
+ "ReplacePermissionAssociationsWork$status": "Specifies the current status of the background tasks for the specified ID. The output is one of the following strings:
-
IN_PROGRESS
-
COMPLETED
-
FAILED
"
+ }
+ },
"Resource": {
"base": "Describes a resource associated with a resource share in RAM.
",
"refs": {
@@ -410,13 +615,13 @@
"refs": {
"AssociateResourceShareRequest$resourceArns": "Specifies a list of Amazon Resource Names (ARNs) of the resources that you want to share. This can be null if you want to add only principals.
",
"CreateResourceShareRequest$resourceArns": "Specifies a list of one or more ARNs of the resources to associate with the resource share.
",
- "DisassociateResourceShareRequest$resourceArns": "Specifies a list of Amazon Resource Names (ARNs) for one or more resources that you want to remove from the resource share. After the operation runs, these resources are no longer shared with principals outside of the Amazon Web Services account that created the resources.
",
+ "DisassociateResourceShareRequest$resourceArns": "Specifies a list of Amazon Resource Names (ARNs) for one or more resources that you want to remove from the resource share. After the operation runs, these resources are no longer shared with principals associated with the resource share.
",
"GetResourcePoliciesRequest$resourceArns": "Specifies the Amazon Resource Names (ARNs) of the resources whose policies you want to retrieve.
",
"ListResourcesRequest$resourceArns": "Specifies that you want to list only the resource shares that include resources with the specified Amazon Resource Names (ARNs).
"
}
},
"ResourceArnNotFoundException": {
- "base": "The specified Amazon Resource Name (ARN) was not found.
",
+ "base": "The operation failed because the specified Amazon Resource Name (ARN) was not found.
",
"refs": {
}
},
@@ -469,7 +674,7 @@
}
},
"ResourceShareAssociation": {
- "base": "Describes an association with a resource share and either a principal or a resource.
",
+ "base": "Describes an association between a resource share and either a principal or a resource.
",
"refs": {
"ResourceShareAssociationList$member": null
}
@@ -478,7 +683,7 @@
"base": null,
"refs": {
"AssociateResourceShareResponse$resourceShareAssociations": "An array of objects that contain information about the associations.
",
- "DisassociateResourceShareResponse$resourceShareAssociations": "An array of objects that contain information about the updated associations for this resource share.
",
+ "DisassociateResourceShareResponse$resourceShareAssociations": "An array of objects with information about the updated associations for this resource share.
",
"GetResourceShareAssociationsResponse$resourceShareAssociations": "An array of objects that contain the details about the associations.
",
"ResourceShareInvitation$resourceShareAssociations": "To view the resources associated with a pending resource share invitation, use ListPendingInvitationResources.
"
}
@@ -486,21 +691,22 @@
"ResourceShareAssociationStatus": {
"base": null,
"refs": {
- "GetResourceShareAssociationsRequest$associationStatus": "Specifies that you want to retrieve only associations with this status.
",
+ "GetResourceShareAssociationsRequest$associationStatus": "Specifies that you want to retrieve only associations that have this status.
",
+ "ListPermissionAssociationsRequest$associationStatus": "Specifies that you want to list only those associations with resource shares that match this status.
",
"ResourceShareAssociation$status": "The current status of the association.
"
}
},
"ResourceShareAssociationType": {
"base": null,
"refs": {
- "GetResourceShareAssociationsRequest$associationType": "Specifies whether you want to retrieve the associations that involve a specified resource or principal.
",
+ "GetResourceShareAssociationsRequest$associationType": "Specifies whether you want to retrieve the associations that involve a specified resource or principal.
",
"ResourceShareAssociation$associationType": "The type of entity included in this association.
"
}
},
"ResourceShareFeatureSet": {
"base": null,
"refs": {
- "ResourceShare$featureSet": "Indicates how the resource share was created. Possible values include:
-
CREATED_FROM_POLICY - Indicates that the resource share was created from an Identity and Access Management (IAM) resource-based permission policy attached to the resource. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
-
PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.
-
STANDARD - Indicates that the resource share was created in RAM using the console or APIs. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs.
"
+ "ResourceShare$featureSet": "Indicates what features are available for this resource share. This parameter can have one of the following values:
-
STANDARD – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs. This resource share might have been created by RAM, or it might have been CREATED_FROM_POLICY and then promoted.
-
CREATED_FROM_POLICY – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
-
PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY, but the customer ran the PromoteResourceShareCreatedFromPolicy and that operation is still in progress. This value changes to STANDARD when complete.
"
}
},
"ResourceShareInvitation": {
@@ -512,12 +718,12 @@
}
},
"ResourceShareInvitationAlreadyAcceptedException": {
- "base": "The specified invitation was already accepted.
",
+ "base": "The operation failed because the specified invitation was already accepted.
",
"refs": {
}
},
"ResourceShareInvitationAlreadyRejectedException": {
- "base": "The specified invitation was already rejected.
",
+ "base": "The operation failed because the specified invitation was already rejected.
",
"refs": {
}
},
@@ -528,12 +734,12 @@
}
},
"ResourceShareInvitationArnNotFoundException": {
- "base": "The specified Amazon Resource Name (ARN) for an invitation was not found.
",
+ "base": "The operation failed because the specified Amazon Resource Name (ARN) for an invitation was not found.
",
"refs": {
}
},
"ResourceShareInvitationExpiredException": {
- "base": "The specified invitation is expired.
",
+ "base": "The operation failed because the specified invitation is past its expiration date and time.
",
"refs": {
}
},
@@ -550,7 +756,7 @@
}
},
"ResourceShareLimitExceededException": {
- "base": "This request would exceed the limit for resource shares for your account.
",
+ "base": "The operation failed because it would exceed the limit for resource shares for your account. To view the limits for your Amazon Web Services account, see the RAM page in the Service Quotas console.
",
"refs": {
}
},
@@ -561,9 +767,10 @@
}
},
"ResourceSharePermissionDetail": {
- "base": "Information about an RAM permission.
",
+ "base": "Information about a RAM managed permission.
",
"refs": {
- "GetPermissionResponse$permission": "An object that contains information about the permission.
"
+ "CreatePermissionVersionResponse$permission": null,
+ "GetPermissionResponse$permission": "An object with details about the permission.
"
}
},
"ResourceSharePermissionList": {
@@ -575,8 +782,10 @@
}
},
"ResourceSharePermissionSummary": {
- "base": "Information about an RAM permission that is associated with a resource share and any of its resources of a specified type.
",
+ "base": "Information about an RAM permission.
",
"refs": {
+ "CreatePermissionResponse$permission": "A structure with information about this customer managed permission.
",
+ "PromotePermissionCreatedFromPolicyResponse$permission": null,
"ResourceSharePermissionList$member": null
}
},
@@ -594,7 +803,7 @@
}
},
"ServerInternalException": {
- "base": "The service could not respond to the request due to an internal problem.
",
+ "base": "The operation failed because the service could not respond to the request due to an internal problem. Try again later.
",
"refs": {
}
},
@@ -611,71 +820,105 @@
}
},
"ServiceUnavailableException": {
- "base": "The service is not available.
",
+ "base": "The operation failed because the service isn't available. Try again later.
",
+ "refs": {
+ }
+ },
+ "SetDefaultPermissionVersionRequest": {
+ "base": null,
+ "refs": {
+ }
+ },
+ "SetDefaultPermissionVersionResponse": {
+ "base": null,
"refs": {
}
},
"String": {
"base": null,
"refs": {
- "AcceptResourceShareInvitationRequest$resourceShareInvitationArn": "The Amazon Resoure Name (ARN) of the invitation that you want to accept.
",
- "AcceptResourceShareInvitationRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "AcceptResourceShareInvitationRequest$resourceShareInvitationArn": "The Amazon Resource Name (ARN) of the invitation that you want to accept.
",
+ "AcceptResourceShareInvitationRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"AcceptResourceShareInvitationResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "AssociateResourceSharePermissionRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share to which you want to add or replace permissions.
",
- "AssociateResourceSharePermissionRequest$permissionArn": "Specifies the Amazon Resoure Name (ARN) of the RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.
",
- "AssociateResourceSharePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "AssociateResourceSharePermissionRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share to which you want to add or replace permissions.
",
+ "AssociateResourceSharePermissionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.
",
+ "AssociateResourceSharePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"AssociateResourceSharePermissionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "AssociateResourceShareRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share that you want to add principals or resources to.
",
- "AssociateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "AssociateResourceShareRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share that you want to add principals or resources to.
",
+ "AssociateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"AssociateResourceShareResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "AssociatedPermission$arn": "The Amazon Resource Name (ARN) of the associated managed permission.
",
+ "AssociatedPermission$permissionVersion": "The version of the permission currently associated with the resource share.
",
+ "AssociatedPermission$resourceType": "The resource type to which this permission applies.
",
+ "AssociatedPermission$status": "The current status of the association between the permission and the resource share. The following are the possible values:
-
ATTACHABLE – This permission or version can be associated with resource shares.
-
UNATTACHABLE – This permission or version can't currently be associated with resource shares.
-
DELETING – This permission or version is in the process of being deleted.
-
DELETED – This permission or version is deleted.
",
+ "AssociatedPermission$resourceShareArn": "The Amazon Resource Name (ARN) of a resource share associated with this permission.
",
+ "CreatePermissionRequest$resourceType": "Specifies the name of the resource type that this customer managed permission applies to.
The format is <service-code>:<resource-type> and is not case sensitive. For example, to specify an Amazon EC2 Subnet, you can use the string ec2:subnet. To see the list of valid values for this parameter, query the ListResourceTypes operation.
",
+ "CreatePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "CreatePermissionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "CreatePermissionVersionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the customer managed permission you're creating a new version for.
",
+ "CreatePermissionVersionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "CreatePermissionVersionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
"CreateResourceShareRequest$name": "Specifies the name of the resource share.
",
- "CreateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "CreateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"CreateResourceShareResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "DeleteResourceShareRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share to delete.
",
- "DeleteResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "DeletePermissionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the customer managed permission that you want to delete.
",
+ "DeletePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "DeletePermissionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "DeletePermissionVersionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the permission with the version you want to delete.
",
+ "DeletePermissionVersionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "DeletePermissionVersionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "DeleteResourceShareRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share to delete.
",
+ "DeleteResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"DeleteResourceShareResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "DisassociateResourceSharePermissionRequest$resourceShareArn": "The Amazon Resoure Name (ARN) of the resource share from which you want to disassociate a permission.
",
- "DisassociateResourceSharePermissionRequest$permissionArn": "The Amazon Resoure Name (ARN) of the permission to disassociate from the resource share. Changes to permissions take effect immediately.
",
- "DisassociateResourceSharePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "DisassociateResourceSharePermissionRequest$resourceShareArn": "The Amazon Resource Name (ARN) of the resource share that you want to remove the managed permission from.
",
+ "DisassociateResourceSharePermissionRequest$permissionArn": "The Amazon Resource Name (ARN) of the managed permission to disassociate from the resource share. Changes to permissions take effect immediately.
",
+ "DisassociateResourceSharePermissionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"DisassociateResourceSharePermissionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "DisassociateResourceShareRequest$resourceShareArn": "Specifies Amazon Resoure Name (ARN) of the resource share that you want to remove resources from.
",
- "DisassociateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "DisassociateResourceShareRequest$resourceShareArn": "Specifies Amazon Resource Name (ARN) of the resource share that you want to remove resources or principals from.
",
+ "DisassociateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"DisassociateResourceShareResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "GetPermissionRequest$permissionArn": "Specifies the Amazon Resoure Name (ARN) of the permission whose contents you want to retrieve. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.
",
+ "GetPermissionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the permission whose contents you want to retrieve. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.
",
"GetResourcePoliciesRequest$principal": "Specifies the principal.
",
"GetResourcePoliciesRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"GetResourcePoliciesResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
- "GetResourceShareAssociationsRequest$resourceArn": "Specifies the Amazon Resoure Name (ARN) of the resource whose resource shares you want to retrieve.
You cannot specify this parameter if the association type is PRINCIPAL.
",
- "GetResourceShareAssociationsRequest$principal": "Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the Amazon Resoure Name (ARN) of an individual IAM user or role.
You cannot specify this parameter if the association type is RESOURCE.
",
+ "GetResourceShareAssociationsRequest$resourceArn": "Specifies the Amazon Resource Name (ARN) of a resource whose resource shares you want to retrieve.
You cannot specify this parameter if the association type is PRINCIPAL.
",
+ "GetResourceShareAssociationsRequest$principal": "Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the Amazon Resource Name (ARN) of an individual IAM user or role.
You cannot specify this parameter if the association type is RESOURCE.
",
"GetResourceShareAssociationsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"GetResourceShareAssociationsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
"GetResourceShareInvitationsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"GetResourceShareInvitationsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
"GetResourceSharesRequest$name": "Specifies the name of an individual resource share that you want to retrieve details about.
",
"GetResourceSharesRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
- "GetResourceSharesRequest$permissionArn": "Specifies that you want to retrieve details of only those resource shares that use the RAM permission with this Amazon Resoure Name (ARN).
",
+ "GetResourceSharesRequest$permissionArn": "Specifies that you want to retrieve details of only those resource shares that use the managed permission with this Amazon Resource Name (ARN).
",
"GetResourceSharesResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
"IdempotentParameterMismatchException$message": null,
"InvalidClientTokenException$message": null,
"InvalidMaxResultsException$message": null,
"InvalidNextTokenException$message": null,
"InvalidParameterException$message": null,
+ "InvalidPolicyException$message": null,
"InvalidResourceTypeException$message": null,
"InvalidStateTransitionException$message": null,
- "ListPendingInvitationResourcesRequest$resourceShareInvitationArn": "Specifies the Amazon Resoure Name (ARN) of the invitation. You can use GetResourceShareInvitations to find the ARN of the invitation.
",
+ "ListPendingInvitationResourcesRequest$resourceShareInvitationArn": "Specifies the Amazon Resource Name (ARN) of the invitation. You can use GetResourceShareInvitations to find the ARN of the invitation.
",
"ListPendingInvitationResourcesRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListPendingInvitationResourcesResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
- "ListPermissionVersionsRequest$permissionArn": "Specifies the Amazon Resoure Name (ARN) of the RAM permission whose versions you want to list. You can use the permissionVersion parameter on the AssociateResourceSharePermission operation to specify a non-default version to attach.
",
+ "ListPermissionAssociationsRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the managed permission.
",
+ "ListPermissionAssociationsRequest$resourceType": "Specifies that you want to list only those associations with resource shares that include at least one resource of this resource type.
",
+ "ListPermissionAssociationsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
+ "ListPermissionAssociationsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
+ "ListPermissionVersionsRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the RAM permission whose versions you want to list. You can use the permissionVersion parameter on the AssociateResourceSharePermission operation to specify a non-default version to attach.
",
"ListPermissionVersionsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListPermissionVersionsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
- "ListPermissionsRequest$resourceType": "Specifies that you want to list permissions for only the specified resource type. For example, to list only permissions that apply to EC2 subnets, specify ec2:Subnet. You can use the ListResourceTypes operation to get the specific string required.
",
+ "ListPermissionsRequest$resourceType": "Specifies that you want to list only those permissions that apply to the specified resource type. This parameter is not case sensitive.
For example, to list only permissions that apply to Amazon EC2 subnets, specify ec2:subnet. You can use the ListResourceTypes operation to get the specific string required.
",
"ListPermissionsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListPermissionsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
- "ListPrincipalsRequest$resourceArn": "Specifies that you want to list principal information for the resource share with the specified Amazon Resoure Name (ARN).
",
+ "ListPrincipalsRequest$resourceArn": "Specifies that you want to list principal information for the resource share with the specified Amazon Resource Name (ARN).
",
"ListPrincipalsRequest$resourceType": "Specifies that you want to list information for only principals associated with resource shares that include the specified resource type.
For a list of valid values, query the ListResourceTypes operation.
",
"ListPrincipalsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListPrincipalsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
- "ListResourceSharePermissionsRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share for which you want to retrieve the associated permissions.
",
+ "ListReplacePermissionAssociationsWorkRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
+ "ListReplacePermissionAssociationsWorkResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
+ "ListResourceSharePermissionsRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share for which you want to retrieve the associated permissions.
",
"ListResourceSharePermissionsRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListResourceSharePermissionsResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
"ListResourceTypesRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
@@ -685,67 +928,92 @@
"ListResourcesRequest$nextToken": "Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
",
"ListResourcesResponse$nextToken": "If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
",
"MalformedArnException$message": null,
+ "MalformedPolicyTemplateException$message": null,
"MissingRequiredParameterException$message": null,
"OperationNotPermittedException$message": null,
+ "PermissionAlreadyExistsException$message": null,
"PermissionArnList$member": null,
- "Principal$id": "The ID of the principal.
",
- "Principal$resourceShareArn": "The Amazon Resoure Name (ARN) of a resource share the principal is associated with.
",
+ "PermissionLimitExceededException$message": null,
+ "PermissionVersionsLimitExceededException$message": null,
+ "Principal$id": "The ID of the principal that can be associated with a resource share.
",
+ "Principal$resourceShareArn": "The Amazon Resource Name (ARN) of a resource share the principal is associated with.
",
"PrincipalArnOrIdList$member": null,
- "PromoteResourceShareCreatedFromPolicyRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share to promote.
",
- "RejectResourceShareInvitationRequest$resourceShareInvitationArn": "Specifies the Amazon Resoure Name (ARN) of the invitation that you want to reject.
",
- "RejectResourceShareInvitationRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "PromotePermissionCreatedFromPolicyRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the CREATED_FROM_POLICY permission that you want to promote. You can get this Amazon Resource Name (ARN) by calling the ListResourceSharePermissions operation.
",
+ "PromotePermissionCreatedFromPolicyRequest$name": "Specifies a name for the promoted customer managed permission.
",
+ "PromotePermissionCreatedFromPolicyRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "PromotePermissionCreatedFromPolicyResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "PromoteResourceShareCreatedFromPolicyRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share to promote.
",
+ "RejectResourceShareInvitationRequest$resourceShareInvitationArn": "Specifies the Amazon Resource Name (ARN) of the invitation that you want to reject.
",
+ "RejectResourceShareInvitationRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"RejectResourceShareInvitationResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
- "Resource$arn": "The Amazon Resoure Name (ARN) of the resource.
",
- "Resource$type": "The resource type. This takes the form of: service-code:resource-code
",
- "Resource$resourceShareArn": "The Amazon Resoure Name (ARN) of the resource share this resource is associated with.
",
- "Resource$resourceGroupArn": "The Amazon Resoure Name (ARN) of the resource group. This value is available only if the resource is part of a resource group.
",
+ "ReplacePermissionAssociationsRequest$fromPermissionArn": "Specifies the Amazon Resource Name (ARN) of the managed permission that you want to replace.
",
+ "ReplacePermissionAssociationsRequest$toPermissionArn": "Specifies the ARN of the managed permission that you want to associate with resource shares in place of the one specified by fromPerssionArn and fromPermissionVersion.
The operation always associates the version that is currently the default for the specified managed permission.
",
+ "ReplacePermissionAssociationsRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "ReplacePermissionAssociationsResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
+ "ReplacePermissionAssociationsWork$id": "The unique identifier for the background task associated with one ReplacePermissionAssociations request.
",
+ "ReplacePermissionAssociationsWork$fromPermissionArn": "The Amazon Resource Name (ARN) of the managed permission that this background task is replacing.
",
+ "ReplacePermissionAssociationsWork$fromPermissionVersion": "The version of the managed permission that this background task is replacing.
",
+ "ReplacePermissionAssociationsWork$toPermissionArn": "The ARN of the managed permission that this background task is associating with the resource shares in place of the managed permission and version specified in fromPermissionArn and fromPermissionVersion.
",
+ "ReplacePermissionAssociationsWork$toPermissionVersion": "The version of the managed permission that this background task is associating with the resource shares. This is always the version that is currently the default for this managed permission.
",
+ "ReplacePermissionAssociationsWork$statusMessage": "Specifies the reason for a FAILED status. This field is present only when there status is FAILED.
",
+ "ReplacePermissionAssociationsWorkIdList$member": null,
+ "Resource$arn": "The Amazon Resource Name (ARN) of the resource.
",
+ "Resource$type": "The resource type. This takes the form of: service-code:resource-code, and is case-insensitive. For example, an Amazon EC2 Subnet would be represented by the string ec2:subnet.
",
+ "Resource$resourceShareArn": "The Amazon Resource Name (ARN) of the resource share this resource is associated with.
",
+ "Resource$resourceGroupArn": "The Amazon Resource Name (ARN) of the resource group. This value is available only if the resource is part of a resource group.
",
"Resource$statusMessage": "A message about the status of the resource.
",
"ResourceArnList$member": null,
"ResourceArnNotFoundException$message": null,
- "ResourceShare$resourceShareArn": "The Amazon Resoure Name (ARN) of the resource share
",
+ "ResourceShare$resourceShareArn": "The Amazon Resource Name (ARN) of the resource share
",
"ResourceShare$name": "The name of the resource share.
",
"ResourceShare$owningAccountId": "The ID of the Amazon Web Services account that owns the resource share.
",
"ResourceShare$statusMessage": "A message about the status of the resource share.
",
"ResourceShareArnList$member": null,
- "ResourceShareAssociation$resourceShareArn": "The Amazon Resoure Name (ARN) of the resource share.
",
+ "ResourceShareAssociation$resourceShareArn": "The Amazon Resource Name (ARN) of the resource share.
",
"ResourceShareAssociation$resourceShareName": "The name of the resource share.
",
- "ResourceShareAssociation$associatedEntity": "The associated entity. This can be either of the following:
-
For a resource association, this is the Amazon Resoure Name (ARN) of the resource.
-
For principal associations, this is one of the following:
-
The ID of an Amazon Web Services account
-
The Amazon Resoure Name (ARN) of an organization in Organizations
-
The ARN of an organizational unit (OU) in Organizations
-
The ARN of an IAM role
-
The ARN of an IAM user
",
+ "ResourceShareAssociation$associatedEntity": "The associated entity. This can be either of the following:
-
For a resource association, this is the Amazon Resource Name (ARN) of the resource.
-
For principal associations, this is one of the following:
-
The ID of an Amazon Web Services account
-
The Amazon Resource Name (ARN) of an organization in Organizations
-
The ARN of an organizational unit (OU) in Organizations
-
The ARN of an IAM role
-
The ARN of an IAM user
",
"ResourceShareAssociation$statusMessage": "A message about the status of the association.
",
- "ResourceShareInvitation$resourceShareInvitationArn": "The Amazon Resoure Name (ARN) of the invitation.
",
+ "ResourceShareInvitation$resourceShareInvitationArn": "The Amazon Resource Name (ARN) of the invitation.
",
"ResourceShareInvitation$resourceShareName": "The name of the resource share.
",
- "ResourceShareInvitation$resourceShareArn": "The Amazon Resoure Name (ARN) of the resource share
",
+ "ResourceShareInvitation$resourceShareArn": "The Amazon Resource Name (ARN) of the resource share
",
"ResourceShareInvitation$senderAccountId": "The ID of the Amazon Web Services account that sent the invitation.
",
"ResourceShareInvitation$receiverAccountId": "The ID of the Amazon Web Services account that received the invitation.
",
- "ResourceShareInvitation$receiverArn": "The Amazon Resoure Name (ARN) of the IAM user or role that received the invitation.
",
+ "ResourceShareInvitation$receiverArn": "The Amazon Resource Name (ARN) of the IAM user or role that received the invitation.
",
"ResourceShareInvitationAlreadyAcceptedException$message": null,
"ResourceShareInvitationAlreadyRejectedException$message": null,
"ResourceShareInvitationArnList$member": null,
"ResourceShareInvitationArnNotFoundException$message": null,
"ResourceShareInvitationExpiredException$message": null,
"ResourceShareLimitExceededException$message": null,
- "ResourceSharePermissionDetail$arn": "The Amazon Resoure Name (ARN) of this RAM permission.
",
- "ResourceSharePermissionDetail$version": "The version of the permission represented in this structure.
",
+ "ResourceSharePermissionDetail$arn": "The Amazon Resource Name (ARN) of this RAM managed permission.
",
+ "ResourceSharePermissionDetail$version": "The version of the permission described in this response.
",
"ResourceSharePermissionDetail$name": "The name of this permission.
",
"ResourceSharePermissionDetail$resourceType": "The resource type to which this permission applies.
",
"ResourceSharePermissionDetail$permission": "The permission's effect and actions in JSON format. The effect indicates whether the specified actions are allowed or denied. The actions list the operations to which the principal is granted or denied access.
",
- "ResourceSharePermissionSummary$arn": "The Amazon Resoure Name (ARN) of the permission you want information about.
",
- "ResourceSharePermissionSummary$version": "The version of the permission represented in this structure.
",
- "ResourceSharePermissionSummary$name": "The name of this permission.
",
- "ResourceSharePermissionSummary$resourceType": "The type of resource to which this permission applies.
",
+ "ResourceSharePermissionSummary$arn": "The Amazon Resource Name (ARN) of the permission you want information about.
",
+ "ResourceSharePermissionSummary$version": "The version of the permission associated with this resource share.
",
+ "ResourceSharePermissionSummary$name": "The name of this managed permission.
",
+ "ResourceSharePermissionSummary$resourceType": "The type of resource to which this permission applies. This takes the form of: service-code:resource-code, and is case-insensitive. For example, an Amazon EC2 Subnet would be represented by the string ec2:subnet.
",
"ResourceSharePermissionSummary$status": "The current status of the permission.
",
"ServerInternalException$message": null,
- "ServiceNameAndResourceType$resourceType": "The type of the resource.
",
+ "ServiceNameAndResourceType$resourceType": "The type of the resource. This takes the form of: service-code:resource-code, and is case-insensitive. For example, an Amazon EC2 Subnet would be represented by the string ec2:subnet.
",
"ServiceNameAndResourceType$serviceName": "The name of the Amazon Web Services service to which resources of this type belong.
",
"ServiceUnavailableException$message": null,
+ "SetDefaultPermissionVersionRequest$permissionArn": "Specifies the Amazon Resource Name (ARN) of the customer managed permission whose default version you want to change.
",
+ "SetDefaultPermissionVersionRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
+ "SetDefaultPermissionVersionResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
",
"TagLimitExceededException$message": null,
"TagPolicyViolationException$message": null,
- "TagResourceRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share that you want to add tags to.
",
+ "TagResourceRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share that you want to add tags to. You must specify either resourceShareArn, or resourceArn, but not both.
",
+ "TagResourceRequest$resourceArn": "Specifies the Amazon Resource Name (ARN) of the managed permission that you want to add tags to. You must specify either resourceArn, or resourceShareArn, but not both.
",
"ThrottlingException$message": null,
"UnknownResourceException$message": null,
- "UntagResourceRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share that you want to remove tags from. The tags are removed from the resource share, not the resources in the resource share.
",
- "UpdateResourceShareRequest$resourceShareArn": "Specifies the Amazon Resoure Name (ARN) of the resource share that you want to modify.
",
+ "UnmatchedPolicyPermissionException$message": null,
+ "UntagResourceRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share that you want to remove tags from. The tags are removed from the resource share, not the resources in the resource share. You must specify either resourceShareArn, or resourceArn, but not both.
",
+ "UntagResourceRequest$resourceArn": "Specifies the Amazon Resource Name (ARN) of the managed permission that you want to remove tags from. You must specify either resourceArn, or resourceShareArn, but not both.
",
+ "UpdateResourceShareRequest$resourceShareArn": "Specifies the Amazon Resource Name (ARN) of the resource share that you want to modify.
",
"UpdateResourceShareRequest$name": "If specified, the new name that you want to attach to the resource share.
",
- "UpdateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
",
+ "UpdateResourceShareRequest$clientToken": "Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
",
"UpdateResourceShareResponse$clientToken": "The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.
"
}
},
@@ -782,20 +1050,23 @@
}
},
"TagLimitExceededException": {
- "base": "This request would exceed the limit for tags for your account.
",
+ "base": "The operation failed because it would exceed the limit for tags for your Amazon Web Services account.
",
"refs": {
}
},
"TagList": {
"base": null,
"refs": {
+ "CreatePermissionRequest$tags": "Specifies a list of one or more tag key and value pairs to attach to the permission.
",
"CreateResourceShareRequest$tags": "Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.
",
"ResourceShare$tags": "The tag key and value pairs attached to the resource share.
",
+ "ResourceSharePermissionDetail$tags": "The tag key and value pairs attached to the resource share.
",
+ "ResourceSharePermissionSummary$tags": "A list of the tag key value pairs currently attached to the permission.
",
"TagResourceRequest$tags": "A list of one or more tag key and value pairs. The tag key must be present and not be an empty string. The tag value must be present but can be an empty string.
"
}
},
"TagPolicyViolationException": {
- "base": "The specified tag key is a reserved word and can't be used.
",
+ "base": "The operation failed because the specified tag key is a reserved word and can't be used.
",
"refs": {
}
},
@@ -823,12 +1094,17 @@
}
},
"ThrottlingException": {
- "base": "You exceeded the rate at which you are allowed to perform this operation. Please try again later.
",
+ "base": "The operation failed because it exceeded the rate at which you are allowed to perform this operation. Please try again later.
",
"refs": {
}
},
"UnknownResourceException": {
- "base": "A specified resource was not found.
",
+ "base": "The operation failed because a specified resource couldn't be found.
",
+ "refs": {
+ }
+ },
+ "UnmatchedPolicyPermissionException": {
+ "base": "There isn't an existing managed permission defined in RAM that has the same IAM permissions as the resource-based policy attached to the resource. You should first run PromotePermissionCreatedFromPolicy to create that managed permission.
",
"refs": {
}
},
diff --git a/models/apis/ram/2018-01-04/endpoint-rule-set-1.json b/models/apis/ram/2018-01-04/endpoint-rule-set-1.json
index 8c3a83052a0..a5e436f21bf 100644
--- a/models/apis/ram/2018-01-04/endpoint-rule-set-1.json
+++ b/models/apis/ram/2018-01-04/endpoint-rule-set-1.json
@@ -3,7 +3,7 @@
"parameters": {
"Region": {
"builtIn": "AWS::Region",
- "required": true,
+ "required": false,
"documentation": "The AWS region used to dispatch the request.",
"type": "String"
},
@@ -32,13 +32,12 @@
{
"conditions": [
{
- "fn": "aws.partition",
+ "fn": "isSet",
"argv": [
{
- "ref": "Region"
+ "ref": "Endpoint"
}
- ],
- "assign": "PartitionResult"
+ ]
}
],
"type": "tree",
@@ -46,14 +45,20 @@
{
"conditions": [
{
- "fn": "isSet",
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "Endpoint"
- }
+ "ref": "UseFIPS"
+ },
+ true
]
}
],
+ "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "type": "error"
+ },
+ {
+ "conditions": [],
"type": "tree",
"rules": [
{
@@ -62,67 +67,42 @@
"fn": "booleanEquals",
"argv": [
{
- "ref": "UseFIPS"
+ "ref": "UseDualStack"
},
true
]
}
],
- "error": "Invalid Configuration: FIPS and custom endpoint are not supported",
+ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
"type": "error"
},
{
"conditions": [],
- "type": "tree",
- "rules": [
- {
- "conditions": [
- {
- "fn": "booleanEquals",
- "argv": [
- {
- "ref": "UseDualStack"
- },
- true
- ]
- }
- ],
- "error": "Invalid Configuration: Dualstack and custom endpoint are not supported",
- "type": "error"
+ "endpoint": {
+ "url": {
+ "ref": "Endpoint"
},
- {
- "conditions": [],
- "endpoint": {
- "url": {
- "ref": "Endpoint"
- },
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- }
- ]
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
}
]
- },
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
{
"conditions": [
{
- "fn": "booleanEquals",
- "argv": [
- {
- "ref": "UseFIPS"
- },
- true
- ]
- },
- {
- "fn": "booleanEquals",
+ "fn": "isSet",
"argv": [
{
- "ref": "UseDualStack"
- },
- true
+ "ref": "Region"
+ }
]
}
],
@@ -131,179 +111,240 @@
{
"conditions": [
{
- "fn": "booleanEquals",
+ "fn": "aws.partition",
"argv": [
- true,
{
- "fn": "getAttr",
+ "ref": "Region"
+ }
+ ],
+ "assign": "PartitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "PartitionResult"
+ "ref": "UseFIPS"
},
- "supportsFIPS"
+ true
]
- }
- ]
- },
- {
- "fn": "booleanEquals",
- "argv": [
- true,
+ },
{
- "fn": "getAttr",
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "PartitionResult"
+ "ref": "UseDualStack"
},
- "supportsDualStack"
+ true
]
}
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
+ ],
"type": "tree",
"rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsFIPS"
+ ]
+ }
+ ]
+ },
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://ram-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
{
"conditions": [],
- "endpoint": {
- "url": "https://ram-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
+ "type": "error"
}
]
- }
- ]
- },
- {
- "conditions": [],
- "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
- "type": "error"
- }
- ]
- },
- {
- "conditions": [
- {
- "fn": "booleanEquals",
- "argv": [
- {
- "ref": "UseFIPS"
},
- true
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [
{
- "fn": "booleanEquals",
- "argv": [
- true,
+ "conditions": [
{
- "fn": "getAttr",
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "PartitionResult"
+ "ref": "UseFIPS"
},
- "supportsFIPS"
+ true
]
}
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [],
+ ],
"type": "tree",
"rules": [
{
"conditions": [
{
- "fn": "stringEquals",
+ "fn": "booleanEquals",
"argv": [
- "aws-us-gov",
+ true,
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
- "name"
+ "supportsFIPS"
]
}
]
}
],
- "endpoint": {
- "url": "https://ram.{Region}.amazonaws.com",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "stringEquals",
+ "argv": [
+ "aws-us-gov",
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "name"
+ ]
+ }
+ ]
+ }
+ ],
+ "endpoint": {
+ "url": "https://ram.{Region}.amazonaws.com",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://ram-fips.{Region}.{PartitionResult#dnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
},
{
"conditions": [],
- "endpoint": {
- "url": "https://ram-fips.{Region}.{PartitionResult#dnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
+ "error": "FIPS is enabled but this partition does not support FIPS",
+ "type": "error"
}
]
- }
- ]
- },
- {
- "conditions": [],
- "error": "FIPS is enabled but this partition does not support FIPS",
- "type": "error"
- }
- ]
- },
- {
- "conditions": [
- {
- "fn": "booleanEquals",
- "argv": [
- {
- "ref": "UseDualStack"
},
- true
- ]
- }
- ],
- "type": "tree",
- "rules": [
- {
- "conditions": [
{
- "fn": "booleanEquals",
- "argv": [
- true,
+ "conditions": [
{
- "fn": "getAttr",
+ "fn": "booleanEquals",
"argv": [
{
- "ref": "PartitionResult"
+ "ref": "UseDualStack"
},
- "supportsDualStack"
+ true
]
}
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ true,
+ {
+ "fn": "getAttr",
+ "argv": [
+ {
+ "ref": "PartitionResult"
+ },
+ "supportsDualStack"
+ ]
+ }
+ ]
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "https://ram.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "properties": {},
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "DualStack is enabled but this partition does not support DualStack",
+ "type": "error"
+ }
]
- }
- ],
- "type": "tree",
- "rules": [
+ },
{
"conditions": [],
"type": "tree",
@@ -311,7 +352,7 @@
{
"conditions": [],
"endpoint": {
- "url": "https://ram.{Region}.{PartitionResult#dualStackDnsSuffix}",
+ "url": "https://ram.{Region}.{PartitionResult#dnsSuffix}",
"properties": {},
"headers": {}
},
@@ -320,66 +361,13 @@
]
}
]
- },
- {
- "conditions": [],
- "error": "DualStack is enabled but this partition does not support DualStack",
- "type": "error"
}
]
},
{
"conditions": [],
- "type": "tree",
- "rules": [
- {
- "conditions": [
- {
- "fn": "stringEquals",
- "argv": [
- {
- "ref": "Region"
- },
- "us-gov-east-1"
- ]
- }
- ],
- "endpoint": {
- "url": "https://ram.us-gov-east-1.amazonaws.com",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- },
- {
- "conditions": [
- {
- "fn": "stringEquals",
- "argv": [
- {
- "ref": "Region"
- },
- "us-gov-west-1"
- ]
- }
- ],
- "endpoint": {
- "url": "https://ram.us-gov-west-1.amazonaws.com",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- },
- {
- "conditions": [],
- "endpoint": {
- "url": "https://ram.{Region}.{PartitionResult#dnsSuffix}",
- "properties": {},
- "headers": {}
- },
- "type": "endpoint"
- }
- ]
+ "error": "Invalid Configuration: Missing Region",
+ "type": "error"
}
]
}
diff --git a/models/apis/ram/2018-01-04/endpoint-tests-1.json b/models/apis/ram/2018-01-04/endpoint-tests-1.json
index ae93b72d735..ba2b34bc76a 100644
--- a/models/apis/ram/2018-01-04/endpoint-tests-1.json
+++ b/models/apis/ram/2018-01-04/endpoint-tests-1.json
@@ -1,222 +1,209 @@
{
"testCases": [
{
- "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.cn-north-1.amazonaws.com.cn"
+ "url": "https://ram.af-south-1.amazonaws.com"
}
},
"params": {
- "Region": "cn-north-1",
+ "Region": "af-south-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.cn-northwest-1.amazonaws.com.cn"
+ "url": "https://ram.ap-east-1.amazonaws.com"
}
},
"params": {
- "Region": "cn-northwest-1",
+ "Region": "ap-east-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
- "expect": {
- "endpoint": {
- "url": "https://ram-fips.cn-north-1.api.amazonwebservices.com.cn"
- }
- },
- "params": {
- "Region": "cn-north-1",
- "UseFIPS": true,
- "UseDualStack": true
- }
- },
- {
- "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.cn-north-1.amazonaws.com.cn"
+ "url": "https://ram.ap-northeast-1.amazonaws.com"
}
},
"params": {
- "Region": "cn-north-1",
- "UseFIPS": true,
+ "Region": "ap-northeast-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
+ "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.cn-north-1.api.amazonwebservices.com.cn"
+ "url": "https://ram.ap-northeast-2.amazonaws.com"
}
},
"params": {
- "Region": "cn-north-1",
+ "Region": "ap-northeast-2",
"UseFIPS": false,
- "UseDualStack": true
+ "UseDualStack": false
}
},
{
- "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-isob-east-1.sc2s.sgov.gov"
+ "url": "https://ram.ap-northeast-3.amazonaws.com"
}
},
"params": {
- "Region": "us-isob-east-1",
+ "Region": "ap-northeast-3",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.us-isob-east-1.sc2s.sgov.gov"
+ "url": "https://ram.ap-south-1.amazonaws.com"
}
},
"params": {
- "Region": "us-isob-east-1",
- "UseFIPS": true,
+ "Region": "ap-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-gov-east-1.amazonaws.com"
+ "url": "https://ram.ap-southeast-1.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-east-1",
+ "Region": "ap-southeast-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-gov-east-1.amazonaws.com"
+ "url": "https://ram.ap-southeast-2.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-east-1",
- "UseFIPS": true,
+ "Region": "ap-southeast-2",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-gov-west-1.amazonaws.com"
+ "url": "https://ram.ap-southeast-3.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-west-1",
+ "Region": "ap-southeast-3",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-gov-west-1.amazonaws.com"
+ "url": "https://ram.ca-central-1.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-west-1",
- "UseFIPS": true,
+ "Region": "ca-central-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
+ "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.us-gov-east-1.api.aws"
+ "url": "https://ram-fips.ca-central-1.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-east-1",
+ "Region": "ca-central-1",
"UseFIPS": true,
- "UseDualStack": true
+ "UseDualStack": false
}
},
{
- "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
+ "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-gov-east-1.api.aws"
+ "url": "https://ram.eu-central-1.amazonaws.com"
}
},
"params": {
- "Region": "us-gov-east-1",
+ "Region": "eu-central-1",
"UseFIPS": false,
- "UseDualStack": true
+ "UseDualStack": false
}
},
{
- "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled",
+ "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-east-2.amazonaws.com"
+ "url": "https://ram.eu-north-1.amazonaws.com"
}
},
"params": {
- "Region": "us-east-2",
+ "Region": "eu-north-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled",
+ "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.us-east-2.amazonaws.com"
+ "url": "https://ram.eu-south-1.amazonaws.com"
}
},
"params": {
- "Region": "us-east-2",
- "UseFIPS": true,
+ "Region": "eu-south-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.eu-north-1.amazonaws.com"
+ "url": "https://ram.eu-west-1.amazonaws.com"
}
},
"params": {
- "Region": "eu-north-1",
+ "Region": "eu-west-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.me-south-1.amazonaws.com"
+ "url": "https://ram.eu-west-2.amazonaws.com"
}
},
"params": {
- "Region": "me-south-1",
+ "Region": "eu-west-2",
"UseFIPS": false,
"UseDualStack": false
}
@@ -235,27 +222,27 @@
}
},
{
- "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled",
+ "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.eu-west-2.amazonaws.com"
+ "url": "https://ram.me-south-1.amazonaws.com"
}
},
"params": {
- "Region": "eu-west-2",
+ "Region": "me-south-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.eu-west-1.amazonaws.com"
+ "url": "https://ram.sa-east-1.amazonaws.com"
}
},
"params": {
- "Region": "eu-west-1",
+ "Region": "sa-east-1",
"UseFIPS": false,
"UseDualStack": false
}
@@ -287,67 +274,54 @@
}
},
{
- "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled",
- "expect": {
- "endpoint": {
- "url": "https://ram.ap-northeast-3.amazonaws.com"
- }
- },
- "params": {
- "Region": "ap-northeast-3",
- "UseFIPS": false,
- "UseDualStack": false
- }
- },
- {
- "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-northeast-2.amazonaws.com"
+ "url": "https://ram.us-east-2.amazonaws.com"
}
},
"params": {
- "Region": "ap-northeast-2",
+ "Region": "us-east-2",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-northeast-1.amazonaws.com"
+ "url": "https://ram-fips.us-east-2.amazonaws.com"
}
},
"params": {
- "Region": "ap-northeast-1",
- "UseFIPS": false,
+ "Region": "us-east-2",
+ "UseFIPS": true,
"UseDualStack": false
}
},
{
- "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-south-1.amazonaws.com"
+ "url": "https://ram.us-west-1.amazonaws.com"
}
},
"params": {
- "Region": "ap-south-1",
+ "Region": "us-west-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.af-south-1.amazonaws.com"
+ "url": "https://ram-fips.us-west-1.amazonaws.com"
}
},
"params": {
- "Region": "af-south-1",
- "UseFIPS": false,
+ "Region": "us-west-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
@@ -378,170 +352,170 @@
}
},
{
- "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-west-1.amazonaws.com"
+ "url": "https://ram-fips.us-east-1.api.aws"
}
},
"params": {
- "Region": "us-west-1",
- "UseFIPS": false,
- "UseDualStack": false
+ "Region": "us-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
}
},
{
- "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.us-west-1.amazonaws.com"
+ "url": "https://ram.us-east-1.api.aws"
}
},
"params": {
- "Region": "us-west-1",
- "UseFIPS": true,
- "UseDualStack": false
+ "Region": "us-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
}
},
{
- "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ca-central-1.amazonaws.com"
+ "url": "https://ram.cn-north-1.amazonaws.com.cn"
}
},
"params": {
- "Region": "ca-central-1",
+ "Region": "cn-north-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled",
+ "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.ca-central-1.amazonaws.com"
+ "url": "https://ram.cn-northwest-1.amazonaws.com.cn"
}
},
"params": {
- "Region": "ca-central-1",
- "UseFIPS": true,
+ "Region": "cn-northwest-1",
+ "UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled",
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-southeast-3.amazonaws.com"
+ "url": "https://ram-fips.cn-north-1.api.amazonwebservices.com.cn"
}
},
"params": {
- "Region": "ap-southeast-3",
- "UseFIPS": false,
- "UseDualStack": false
+ "Region": "cn-north-1",
+ "UseFIPS": true,
+ "UseDualStack": true
}
},
{
- "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled",
+ "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-southeast-2.amazonaws.com"
+ "url": "https://ram-fips.cn-north-1.amazonaws.com.cn"
}
},
"params": {
- "Region": "ap-southeast-2",
- "UseFIPS": false,
+ "Region": "cn-north-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
{
- "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-southeast-1.amazonaws.com"
+ "url": "https://ram.cn-north-1.api.amazonwebservices.com.cn"
}
},
"params": {
- "Region": "ap-southeast-1",
+ "Region": "cn-north-1",
"UseFIPS": false,
- "UseDualStack": false
+ "UseDualStack": true
}
},
{
- "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.eu-central-1.amazonaws.com"
+ "url": "https://ram.us-gov-east-1.amazonaws.com"
}
},
"params": {
- "Region": "eu-central-1",
+ "Region": "us-gov-east-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.eu-south-1.amazonaws.com"
+ "url": "https://ram.us-gov-east-1.amazonaws.com"
}
},
"params": {
- "Region": "eu-south-1",
- "UseFIPS": false,
+ "Region": "us-gov-east-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
{
- "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.ap-east-1.amazonaws.com"
+ "url": "https://ram.us-gov-west-1.amazonaws.com"
}
},
"params": {
- "Region": "ap-east-1",
+ "Region": "us-gov-west-1",
"UseFIPS": false,
"UseDualStack": false
}
},
{
- "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled",
+ "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled",
"expect": {
"endpoint": {
- "url": "https://ram.sa-east-1.amazonaws.com"
+ "url": "https://ram.us-gov-west-1.amazonaws.com"
}
},
"params": {
- "Region": "sa-east-1",
- "UseFIPS": false,
+ "Region": "us-gov-west-1",
+ "UseFIPS": true,
"UseDualStack": false
}
},
{
- "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
+ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram-fips.us-east-1.api.aws"
+ "url": "https://ram-fips.us-gov-east-1.api.aws"
}
},
"params": {
- "Region": "us-east-1",
+ "Region": "us-gov-east-1",
"UseFIPS": true,
"UseDualStack": true
}
},
{
- "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
+ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
- "url": "https://ram.us-east-1.api.aws"
+ "url": "https://ram.us-gov-east-1.api.aws"
}
},
"params": {
- "Region": "us-east-1",
+ "Region": "us-gov-east-1",
"UseFIPS": false,
"UseDualStack": true
}
@@ -559,6 +533,17 @@
"UseDualStack": false
}
},
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
+ }
+ },
{
"documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
"expect": {
@@ -573,7 +558,66 @@
}
},
{
- "documentation": "For custom endpoint with fips disabled and dualstack disabled",
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://ram.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": false,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://ram-fips.us-isob-east-1.sc2s.sgov.gov"
+ }
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": true,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
+ }
+ },
+ {
+ "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled",
"expect": {
"endpoint": {
"url": "https://example.com"
@@ -586,6 +630,19 @@
"Endpoint": "https://example.com"
}
},
+ {
+ "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled",
+ "expect": {
+ "endpoint": {
+ "url": "https://example.com"
+ }
+ },
+ "params": {
+ "UseFIPS": false,
+ "UseDualStack": false,
+ "Endpoint": "https://example.com"
+ }
+ },
{
"documentation": "For custom endpoint with fips enabled and dualstack disabled",
"expect": {
@@ -609,6 +666,12 @@
"UseDualStack": true,
"Endpoint": "https://example.com"
}
+ },
+ {
+ "documentation": "Missing region",
+ "expect": {
+ "error": "Invalid Configuration: Missing Region"
+ }
}
],
"version": "1.0"
diff --git a/models/apis/ram/2018-01-04/paginators-1.json b/models/apis/ram/2018-01-04/paginators-1.json
index 5e8aa9e9d56..56d409f61ad 100644
--- a/models/apis/ram/2018-01-04/paginators-1.json
+++ b/models/apis/ram/2018-01-04/paginators-1.json
@@ -25,6 +25,11 @@
"output_token": "nextToken",
"limit_key": "maxResults"
},
+ "ListPermissionAssociations": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
"ListPermissionVersions": {
"input_token": "nextToken",
"output_token": "nextToken",
@@ -40,6 +45,11 @@
"output_token": "nextToken",
"limit_key": "maxResults"
},
+ "ListReplacePermissionAssociationsWork": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults"
+ },
"ListResourceSharePermissions": {
"input_token": "nextToken",
"output_token": "nextToken",
diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json
index f074c211f00..55eb7145c47 100644
--- a/models/apis/rds/2014-10-31/docs-2.json
+++ b/models/apis/rds/2014-10-31/docs-2.json
@@ -442,7 +442,7 @@
"DBInstance$PubliclyAccessible": "Specifies the accessibility options for the DB instance.
When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
For more information, see CreateDBInstance.
",
"DBInstance$StorageEncrypted": "Specifies whether the DB instance is encrypted.
",
"DBInstance$CopyTagsToSnapshot": "Specifies whether tags are copied from the DB instance to snapshots of the DB instance.
Amazon Aurora
Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. For more information, see DBCluster.
",
- "DBInstance$IAMDatabaseAuthenticationEnabled": "True if mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
IAM database authentication can be enabled for the following database engines
-
For MySQL 5.6, minor version 5.6.34 or higher
-
For MySQL 5.7, minor version 5.7.16 or higher
-
Aurora 5.6 or higher. To enable IAM database authentication for Aurora, see DBCluster Type.
",
+ "DBInstance$IAMDatabaseAuthenticationEnabled": "True if mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
IAM database authentication can be enabled for the following database engines:
-
For MySQL 5.7, minor version 5.7.16 or higher.
-
For Amazon Aurora, all versions of Aurora MySQL and Aurora PostgreSQL.
",
"DBInstance$DeletionProtection": "Indicates if the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. For more information, see Deleting a DB Instance.
",
"DBInstanceAutomatedBackup$Encrypted": "Specifies whether the automated backup is encrypted.
",
"DBInstanceAutomatedBackup$IAMDatabaseAuthenticationEnabled": "True if mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
",
@@ -4020,14 +4020,14 @@
"CreateDBClusterMessage$DBSystemId": "Reserved for future use.
",
"CreateDBClusterMessage$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"CreateDBClusterParameterGroupMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group.
Constraints:
This value is stored as a lowercase string.
",
- "CreateDBClusterParameterGroupMessage$DBParameterGroupFamily": "The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
Aurora MySQL
Example: aurora5.6, aurora-mysql5.7, aurora-mysql8.0
Aurora PostgreSQL
Example: aurora-postgresql9.6
RDS for MySQL
Example: mysql8.0
RDS for PostgreSQL
Example: postgres12
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql
The output contains duplicates.
The following are the valid DB engine values:
",
+ "CreateDBClusterParameterGroupMessage$DBParameterGroupFamily": "The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
Aurora MySQL
Example: aurora-mysql5.7, aurora-mysql8.0
Aurora PostgreSQL
Example: aurora-postgresql14
RDS for MySQL
Example: mysql8.0
RDS for PostgreSQL
Example: postgres12
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql
The output contains duplicates.
The following are the valid DB engine values:
-
aurora-mysql
-
aurora-postgresql
-
mysql
-
postgres
",
"CreateDBClusterParameterGroupMessage$Description": "The description for the DB cluster parameter group.
",
"CreateDBClusterSnapshotMessage$DBClusterSnapshotIdentifier": "The identifier of the DB cluster snapshot. This parameter is stored as a lowercase string.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens.
-
First character must be a letter.
-
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster1-snapshot1
",
"CreateDBClusterSnapshotMessage$DBClusterIdentifier": "The identifier of the DB cluster to create a snapshot for. This parameter isn't case-sensitive.
Constraints:
Example: my-cluster1
",
"CreateDBInstanceMessage$DBName": "The meaning of this parameter differs according to the database engine you use.
MySQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
-
Must contain 1 to 64 letters or numbers.
-
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
-
Can't be a word reserved by the specified database engine
MariaDB
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
-
Must contain 1 to 64 letters or numbers.
-
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
-
Can't be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named postgres is created in the DB instance.
Constraints:
-
Must contain 1 to 63 letters, numbers, or underscores.
-
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
-
Can't be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
Default: ORCL
Constraints:
Amazon RDS Custom for Oracle
The Oracle System ID (SID) of the created RDS Custom DB instance. If you don't specify a value, the default value is ORCL.
Default: ORCL
Constraints:
-
It must contain 1 to 8 alphanumeric characters.
-
It must contain a letter.
-
It can't be a word reserved by the database engine.
Amazon RDS Custom for SQL Server
Not applicable. Must be null.
SQL Server
Not applicable. Must be null.
Amazon Aurora MySQL
The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.
Constraints:
Amazon Aurora PostgreSQL
The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named postgres is created in the DB cluster.
Constraints:
-
It must contain 1 to 63 alphanumeric characters.
-
It must begin with a letter. Subsequent characters can be letters, underscores, or digits (0 to 9).
-
It can't be a word reserved by the database engine.
",
"CreateDBInstanceMessage$DBInstanceIdentifier": "The DB instance identifier. This parameter is stored as a lowercase string.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens.
-
First character must be a letter.
-
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
",
"CreateDBInstanceMessage$DBInstanceClass": "The compute and memory capacity of the DB instance, for example db.m5.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB instance classes in the Amazon RDS User Guide or Aurora DB instance classes in the Amazon Aurora User Guide.
",
- "CreateDBInstanceMessage$Engine": "The name of the database engine to be used for this instance.
Not every database engine is available for every Amazon Web Services Region.
Valid Values:
-
aurora (for MySQL 5.6-compatible Aurora)
-
aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
-
aurora-postgresql
-
custom-oracle-ee (for RDS Custom for Oracle DB instances)
-
custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)
-
custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)
-
custom-sqlserver-se (for RDS Custom for SQL Server DB instances)
-
custom-sqlserver-web (for RDS Custom for SQL Server DB instances)
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
+ "CreateDBInstanceMessage$Engine": "The name of the database engine to be used for this instance.
Not every database engine is available for every Amazon Web Services Region.
Valid Values:
-
aurora-mysql (for Aurora MySQL DB instances)
-
aurora-postgresql (for Aurora PostgreSQL DB instances)
-
custom-oracle-ee (for RDS Custom for Oracle DB instances)
-
custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)
-
custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)
-
custom-sqlserver-se (for RDS Custom for SQL Server DB instances)
-
custom-sqlserver-web (for RDS Custom for SQL Server DB instances)
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
"CreateDBInstanceMessage$MasterUsername": "The name for the master user.
Amazon Aurora
Not applicable. The name for the master user is managed by the DB cluster.
Amazon RDS
Constraints:
-
Required.
-
Must be 1 to 16 letters, numbers, or underscores.
-
First character must be a letter.
-
Can't be a reserved word for the chosen database engine.
",
"CreateDBInstanceMessage$MasterUserPassword": "The password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".
Amazon Aurora
Not applicable. The password for the master user is managed by the DB cluster.
Constraints: Can't be specified if ManageMasterUserPassword is turned on.
MariaDB
Constraints: Must contain from 8 to 41 characters.
Microsoft SQL Server
Constraints: Must contain from 8 to 128 characters.
MySQL
Constraints: Must contain from 8 to 41 characters.
Oracle
Constraints: Must contain from 8 to 30 characters.
PostgreSQL
Constraints: Must contain from 8 to 128 characters.
",
"CreateDBInstanceMessage$AvailabilityZone": "The Availability Zone (AZ) where the database will be created. For information on Amazon Web Services Regions and Availability Zones, see Regions and Availability Zones.
Amazon Aurora
Each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.
Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.
Example: us-east-1d
Constraint: The AvailabilityZone parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same Amazon Web Services Region as the current endpoint.
",
@@ -4073,7 +4073,7 @@
"CreateDBInstanceReadReplicaMessage$NetworkType": "The network type of the DB instance.
Valid values:
The network type is determined by the DBSubnetGroup specified for read replica. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
",
"CreateDBInstanceReadReplicaMessage$SourceDBClusterIdentifier": "The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas.
Constraints:
-
Must be the identifier of an existing Multi-AZ DB cluster.
-
Can't be specified if the SourceDBInstanceIdentifier parameter is also specified.
-
The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0.
-
The source DB cluster must be in the same Amazon Web Services Region as the read replica. Cross-Region replication isn't supported.
",
"CreateDBParameterGroupMessage$DBParameterGroupName": "The name of the DB parameter group.
Constraints:
-
Must be 1 to 255 letters, numbers, or hyphens.
-
First character must be a letter
-
Can't end with a hyphen or contain two consecutive hyphens
This value is stored as a lowercase string.
",
- "CreateDBParameterGroupMessage$DBParameterGroupFamily": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql
The output contains duplicates.
The following are the valid DB engine values:
",
+ "CreateDBParameterGroupMessage$DBParameterGroupFamily": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql
The output contains duplicates.
The following are the valid DB engine values:
-
aurora-mysql
-
aurora-postgresql
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
"CreateDBParameterGroupMessage$Description": "The description for the DB parameter group.
",
"CreateDBProxyRequest$DBProxyName": "The identifier for the proxy. This name must be unique for all proxies owned by your Amazon Web Services account in the specified Amazon Web Services Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
",
"CreateDBProxyRequest$RoleArn": "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in Amazon Web Services Secrets Manager.
",
@@ -4354,7 +4354,7 @@
"DescribeDBClusterSnapshotsMessage$Marker": "An optional pagination token provided by a previous DescribeDBClusterSnapshots request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
"DescribeDBClustersMessage$DBClusterIdentifier": "The user-supplied DB cluster identifier or the Amazon Resource Name (ARN) of the DB cluster. If this parameter is specified, information from only the specific DB cluster is returned. This parameter isn't case-sensitive.
Constraints:
",
"DescribeDBClustersMessage$Marker": "An optional pagination token provided by a previous DescribeDBClusters request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
- "DescribeDBEngineVersionsMessage$Engine": "The database engine to return.
Valid Values:
",
+ "DescribeDBEngineVersionsMessage$Engine": "The database engine to return.
Valid Values:
-
aurora-mysql
-
aurora-postgresql
-
custom-oracle-ee
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
"DescribeDBEngineVersionsMessage$EngineVersion": "The database engine version to return.
Example: 5.1.49
",
"DescribeDBEngineVersionsMessage$DBParameterGroupFamily": "The name of a specific DB parameter group family to return details for.
Constraints:
",
"DescribeDBEngineVersionsMessage$Marker": "An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
@@ -4399,7 +4399,7 @@
"DescribeDBSubnetGroupsMessage$Marker": "An optional pagination token provided by a previous DescribeDBSubnetGroups request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
"DescribeEngineDefaultClusterParametersMessage$DBParameterGroupFamily": "The name of the DB cluster parameter group family to return engine parameter information for.
",
"DescribeEngineDefaultClusterParametersMessage$Marker": "An optional pagination token provided by a previous DescribeEngineDefaultClusterParameters request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
- "DescribeEngineDefaultParametersMessage$DBParameterGroupFamily": "The name of the DB parameter group family.
Valid Values:
-
aurora5.6
-
aurora-mysql5.7
-
aurora-mysql8.0
-
aurora-postgresql10
-
aurora-postgresql11
-
aurora-postgresql12
-
aurora-postgresql13
-
aurora-postgresql14
-
custom-oracle-ee-19
-
mariadb10.2
-
mariadb10.3
-
mariadb10.4
-
mariadb10.5
-
mariadb10.6
-
mysql5.7
-
mysql8.0
-
oracle-ee-19
-
oracle-ee-cdb-19
-
oracle-ee-cdb-21
-
oracle-se2-19
-
oracle-se2-cdb-19
-
oracle-se2-cdb-21
-
postgres10
-
postgres11
-
postgres12
-
postgres13
-
postgres14
-
sqlserver-ee-11.0
-
sqlserver-ee-12.0
-
sqlserver-ee-13.0
-
sqlserver-ee-14.0
-
sqlserver-ee-15.0
-
sqlserver-ex-11.0
-
sqlserver-ex-12.0
-
sqlserver-ex-13.0
-
sqlserver-ex-14.0
-
sqlserver-ex-15.0
-
sqlserver-se-11.0
-
sqlserver-se-12.0
-
sqlserver-se-13.0
-
sqlserver-se-14.0
-
sqlserver-se-15.0
-
sqlserver-web-11.0
-
sqlserver-web-12.0
-
sqlserver-web-13.0
-
sqlserver-web-14.0
-
sqlserver-web-15.0
",
+ "DescribeEngineDefaultParametersMessage$DBParameterGroupFamily": "The name of the DB parameter group family.
Valid Values:
-
aurora-mysql5.7
-
aurora-mysql8.0
-
aurora-postgresql10
-
aurora-postgresql11
-
aurora-postgresql12
-
aurora-postgresql13
-
aurora-postgresql14
-
custom-oracle-ee-19
-
mariadb10.2
-
mariadb10.3
-
mariadb10.4
-
mariadb10.5
-
mariadb10.6
-
mysql5.7
-
mysql8.0
-
oracle-ee-19
-
oracle-ee-cdb-19
-
oracle-ee-cdb-21
-
oracle-se2-19
-
oracle-se2-cdb-19
-
oracle-se2-cdb-21
-
postgres10
-
postgres11
-
postgres12
-
postgres13
-
postgres14
-
sqlserver-ee-11.0
-
sqlserver-ee-12.0
-
sqlserver-ee-13.0
-
sqlserver-ee-14.0
-
sqlserver-ee-15.0
-
sqlserver-ex-11.0
-
sqlserver-ex-12.0
-
sqlserver-ex-13.0
-
sqlserver-ex-14.0
-
sqlserver-ex-15.0
-
sqlserver-se-11.0
-
sqlserver-se-12.0
-
sqlserver-se-13.0
-
sqlserver-se-14.0
-
sqlserver-se-15.0
-
sqlserver-web-11.0
-
sqlserver-web-12.0
-
sqlserver-web-13.0
-
sqlserver-web-14.0
-
sqlserver-web-15.0
",
"DescribeEngineDefaultParametersMessage$Marker": "An optional pagination token provided by a previous DescribeEngineDefaultParameters request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
"DescribeEventCategoriesMessage$SourceType": "The type of source that is generating the events. For RDS Proxy events, specify db-proxy.
Valid values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy
",
"DescribeEventSubscriptionsMessage$SubscriptionName": "The name of the RDS event notification subscription you want to describe.
",
@@ -4418,7 +4418,7 @@
"DescribeOptionGroupsMessage$Marker": "An optional pagination token provided by a previous DescribeOptionGroups request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
",
"DescribeOptionGroupsMessage$EngineName": "Filters the list of option groups to only include groups associated with a specific database engine.
Valid Values:
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
"DescribeOptionGroupsMessage$MajorEngineVersion": "Filters the list of option groups to only include groups associated with a specific database engine version. If specified, then EngineName must also be specified.
",
- "DescribeOrderableDBInstanceOptionsMessage$Engine": "The name of the engine to retrieve DB instance options for.
Valid Values:
",
+ "DescribeOrderableDBInstanceOptionsMessage$Engine": "The name of the engine to retrieve DB instance options for.
Valid Values:
-
aurora-mysql
-
aurora-postgresql
-
custom-oracle-ee
-
mariadb
-
mysql
-
oracle-ee
-
oracle-ee-cdb
-
oracle-se2
-
oracle-se2-cdb
-
postgres
-
sqlserver-ee
-
sqlserver-se
-
sqlserver-ex
-
sqlserver-web
",
"DescribeOrderableDBInstanceOptionsMessage$EngineVersion": "The engine version filter value. Specify this parameter to show only the available offerings matching the specified engine version.
",
"DescribeOrderableDBInstanceOptionsMessage$DBInstanceClass": "The DB instance class filter value. Specify this parameter to show only the available offerings matching the specified DB instance class.
",
"DescribeOrderableDBInstanceOptionsMessage$LicenseModel": "The license model filter value. Specify this parameter to show only the available offerings matching the specified license model.
RDS Custom supports only the BYOL licensing model.
",
@@ -4526,7 +4526,7 @@
"ModifyDBClusterMessage$OptionGroupName": "A value that indicates that the DB cluster should be associated with the specified option group.
DB clusters are associated with a default option group that can't be modified.
",
"ModifyDBClusterMessage$PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see Backup window in the Amazon Aurora User Guide.
Constraints:
-
Must be in the format hh24:mi-hh24:mi.
-
Must be in Universal Coordinated Time (UTC).
-
Must not conflict with the preferred maintenance window.
-
Must be at least 30 minutes.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"ModifyDBClusterMessage$PreferredMaintenanceWindow": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
- "ModifyDBClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless ApplyImmediately is enabled.
If the cluster that you're modifying has one or more read replicas, all replicas must be running an engine version that's the same or later than the version you specify.
To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (MySQL 8.0-compatible), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for MySQL 5.6-compatible Aurora, use the following command:
aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
+ "ModifyDBClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless ApplyImmediately is enabled.
If the cluster that you're modifying has one or more read replicas, all replicas must be running an engine version that's the same or later than the version you specify.
To list all of the available engine versions for Aurora MySQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"ModifyDBClusterMessage$DBInstanceParameterGroupName": "The name of the DB parameter group to apply to all instances of the DB cluster.
When you apply a parameter group using the DBInstanceParameterGroupName parameter, the DB cluster isn't rebooted automatically. Also, parameter changes are applied immediately rather than during the next maintenance window.
Default: The existing name setting
Constraints:
-
The DB parameter group must be in the same DB parameter group family as this DB cluster.
-
The DBInstanceParameterGroupName parameter is valid in combination with the AllowMajorVersionUpgrade parameter for a major version upgrade only.
Valid for: Aurora DB clusters only
",
"ModifyDBClusterMessage$Domain": "The Active Directory directory ID to move the DB cluster to. Specify none to remove the cluster from its current domain. The domain must be created prior to this operation.
For more information, see Kerberos Authentication in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
",
"ModifyDBClusterMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
Valid for: Aurora DB clusters only
",
@@ -4580,7 +4580,7 @@
"ModifyEventSubscriptionMessage$SourceType": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't specified, all events are returned.
Valid values: db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy
",
"ModifyGlobalClusterMessage$GlobalClusterIdentifier": "The DB cluster identifier for the global cluster being modified. This parameter isn't case-sensitive.
Constraints:
",
"ModifyGlobalClusterMessage$NewGlobalClusterIdentifier": "The new cluster identifier for the global database cluster when modifying a global database cluster. This value is stored as a lowercase string.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens
-
The first character must be a letter
-
Can't end with a hyphen or contain two consecutive hyphens
Example: my-cluster2
",
- "ModifyGlobalClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless ApplyImmediately is enabled.
To list all of the available engine versions for aurora (for MySQL 5.6-compatible Aurora), use the following command:
aws rds describe-db-engine-versions --engine aurora --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
To list all of the available engine versions for aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
To list all of the available engine versions for aurora-postgresql, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
",
+ "ModifyGlobalClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless ApplyImmediately is enabled.
To list all of the available engine versions for aurora-mysql (for MySQL-based Aurora global databases), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
To list all of the available engine versions for aurora-postgresql (for PostgreSQL-based Aurora global databases), use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'
",
"ModifyOptionGroupMessage$OptionGroupName": "The name of the option group to be modified.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance once it is associated with a DB instance
",
"Option$OptionName": "The name of the option.
",
"Option$OptionDescription": "The description of the option.
",
@@ -4697,10 +4697,10 @@
"RestoreDBClusterFromS3Message$CharacterSetName": "A value that indicates that the restored DB cluster should be associated with the specified CharacterSet.
",
"RestoreDBClusterFromS3Message$DatabaseName": "The database name for the restored DB cluster.
",
"RestoreDBClusterFromS3Message$DBClusterIdentifier": "The name of the DB cluster to create from the source data in the Amazon S3 bucket. This parameter isn't case-sensitive.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens.
-
First character must be a letter.
-
Can't end with a hyphen or contain two consecutive hyphens.
Example: my-cluster1
",
- "RestoreDBClusterFromS3Message$DBClusterParameterGroupName": "The name of the DB cluster parameter group to associate with the restored DB cluster. If this argument is omitted, default.aurora5.6 is used.
Constraints:
",
+ "RestoreDBClusterFromS3Message$DBClusterParameterGroupName": "The name of the DB cluster parameter group to associate with the restored DB cluster. If this argument is omitted, the default parameter group for the engine version is used.
Constraints:
",
"RestoreDBClusterFromS3Message$DBSubnetGroupName": "A DB subnet group to associate with the restored DB cluster.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mydbsubnetgroup
",
- "RestoreDBClusterFromS3Message$Engine": "The name of the database engine to be used for this DB cluster.
Valid Values: aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
",
- "RestoreDBClusterFromS3Message$EngineVersion": "The version number of the database engine to use.
To list all of the available engine versions for aurora-mysql (MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
Aurora MySQL
Examples: 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0
",
+ "RestoreDBClusterFromS3Message$Engine": "The name of the database engine to be used for this DB cluster.
Valid Values: aurora-mysql (for Aurora MySQL)
",
+ "RestoreDBClusterFromS3Message$EngineVersion": "The version number of the database engine to use.
To list all of the available engine versions for aurora-mysql (Aurora MySQL), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
Aurora MySQL
Examples: 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0
",
"RestoreDBClusterFromS3Message$MasterUsername": "The name of the master user for the restored DB cluster.
Constraints:
-
Must be 1 to 16 letters or numbers.
-
First character must be a letter.
-
Can't be a reserved word for the chosen database engine.
",
"RestoreDBClusterFromS3Message$MasterUserPassword": "The password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".
Constraints:
",
"RestoreDBClusterFromS3Message$OptionGroupName": "A value that indicates that the restored DB cluster should be associated with the specified option group.
Permanent options can't be removed from an option group. An option group can't be removed from a DB cluster once it is associated with a DB cluster.
",
@@ -4719,12 +4719,12 @@
"RestoreDBClusterFromSnapshotMessage$DBClusterIdentifier": "The name of the DB cluster to create from the DB snapshot or DB cluster snapshot. This parameter isn't case-sensitive.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens
-
First character must be a letter
-
Can't end with a hyphen or contain two consecutive hyphens
Example: my-snapshot-id
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$SnapshotIdentifier": "The identifier for the DB snapshot or DB cluster snapshot to restore from.
You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.
Constraints:
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$Engine": "The database engine to use for the new DB cluster.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
- "RestoreDBClusterFromSnapshotMessage$EngineVersion": "The version of the database engine to use for the new DB cluster. If you don't specify an engine version, the default version for the database engine in the Amazon Web Services Region is used.
To list all of the available engine versions for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora, use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"
Aurora MySQL
See Database engine updates for Amazon Aurora MySQL in the Amazon Aurora User Guide.
Aurora PostgreSQL
See Amazon Aurora PostgreSQL releases and engine versions in the Amazon Aurora User Guide.
MySQL
See Amazon RDS for MySQL in the Amazon RDS User Guide.
PostgreSQL
See Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
+ "RestoreDBClusterFromSnapshotMessage$EngineVersion": "The version of the database engine to use for the new DB cluster. If you don't specify an engine version, the default version for the database engine in the Amazon Web Services Region is used.
To list all of the available engine versions for Aurora MySQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"
Aurora MySQL
See Database engine updates for Amazon Aurora MySQL in the Amazon Aurora User Guide.
Aurora PostgreSQL
See Amazon Aurora PostgreSQL releases and engine versions in the Amazon Aurora User Guide.
MySQL
See Amazon RDS for MySQL in the Amazon RDS User Guide.
PostgreSQL
See Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$DBSubnetGroupName": "The name of the DB subnet group to use for the new DB cluster.
Constraints: If supplied, must match the name of an existing DB subnet group.
Example: mydbsubnetgroup
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$DatabaseName": "The database name for the restored DB cluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$OptionGroupName": "The name of the option group to use for the restored DB cluster.
DB clusters are associated with a default option group that can't be modified.
",
"RestoreDBClusterFromSnapshotMessage$KmsKeyId": "The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
When you don't specify a value for the KmsKeyId parameter, then the following occurs:
-
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the DB snapshot or DB cluster snapshot.
-
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier isn't encrypted, then the restored DB cluster isn't encrypted.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
- "RestoreDBClusterFromSnapshotMessage$EngineMode": "The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.
For more information, see CreateDBCluster.
Valid for: Aurora DB clusters only
",
+ "RestoreDBClusterFromSnapshotMessage$EngineMode": "The DB engine mode of the DB cluster, either provisioned or serverless.
For more information, see CreateDBCluster.
Valid for: Aurora DB clusters only
",
"RestoreDBClusterFromSnapshotMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.
Constraints:
-
If supplied, must match the name of an existing default DB cluster parameter group.
-
Must be 1 to 255 letters, numbers, or hyphens.
-
First character must be a letter.
-
Can't end with a hyphen or contain two consecutive hyphens.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$Domain": "Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
Valid for: Aurora DB clusters only
",
"RestoreDBClusterFromSnapshotMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
Valid for: Aurora DB clusters only
",
@@ -4732,7 +4732,7 @@
"RestoreDBClusterFromSnapshotMessage$StorageType": "Specifies the storage type to be associated with the each DB instance in the Multi-AZ DB cluster.
Valid values: io1
When specified, a value for the Iops parameter is required.
Default: io1
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterFromSnapshotMessage$NetworkType": "The network type of the DB cluster.
Valid values:
The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
",
"RestoreDBClusterToPointInTimeMessage$DBClusterIdentifier": "The name of the new DB cluster to be created.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens
-
First character must be a letter
-
Can't end with a hyphen or contain two consecutive hyphens
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
- "RestoreDBClusterToPointInTimeMessage$RestoreType": "The type of restore to be performed. You can specify one of the following values:
Constraints: You can't specify copy-on-write if the engine version of the source DB cluster is earlier than 1.11.
If you don't specify a RestoreType value, then the new DB cluster is restored as a full copy of the source DB cluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
+ "RestoreDBClusterToPointInTimeMessage$RestoreType": "The type of restore to be performed. You can specify one of the following values:
If you don't specify a RestoreType value, then the new DB cluster is restored as a full copy of the source DB cluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterToPointInTimeMessage$SourceDBClusterIdentifier": "The identifier of the source DB cluster from which to restore.
Constraints:
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterToPointInTimeMessage$DBSubnetGroupName": "The DB subnet group name to use for the new DB cluster.
Constraints: If supplied, must match the name of an existing DBSubnetGroup.
Example: mydbsubnetgroup
Valid for: Aurora DB clusters and Multi-AZ DB clusters
",
"RestoreDBClusterToPointInTimeMessage$OptionGroupName": "The name of the option group for the new DB cluster.
DB clusters are associated with a default option group that can't be modified.
",
@@ -4870,7 +4870,7 @@
"base": null,
"refs": {
"CreateCustomDBEngineVersionMessage$DatabaseInstallationFilesS3Prefix": "The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is 123456789012/cev1. If this setting isn't specified, no prefix is assumed.
",
- "CreateCustomDBEngineVersionMessage$ImageId": "The ID of the AMI. An AMI ID is required to create a CEV for RDS Custom for SQL Server.
"
+ "CreateCustomDBEngineVersionMessage$ImageId": "The ID of the Amazon Machine Image (AMI). For RDS Custom for SQL Server, an AMI ID is required to create a CEV. For RDS Custom for Oracle, the default is the most recent AMI available, but you can specify an AMI ID that was used in a different Oracle CEV. Find the AMIs used by your CEVs by calling the DescribeDBEngineVersions operation.
"
}
},
"StringList": {
diff --git a/models/apis/rds/2014-10-31/examples-1.json b/models/apis/rds/2014-10-31/examples-1.json
index 6c5a25bf9a2..5b1599a476d 100644
--- a/models/apis/rds/2014-10-31/examples-1.json
+++ b/models/apis/rds/2014-10-31/examples-1.json
@@ -550,9 +550,9 @@
"output": {
}
},
- "description": "The following example create a MySQL 5.7-compatible DB cluster.",
- "id": "to-create-a-mysql-57--compatible-db-cluster-1679699416154",
- "title": "To create a MySQL 5.7--compatible DB cluster"
+ "description": "The following example creates a MySQL 5.7-compatible Aurora DB cluster.",
+ "id": "to-create-a-mysql-57-compatible-db-cluster-1679699416154",
+ "title": "To create a MySQL 5.7-compatible DB cluster"
},
{
"input": {
@@ -620,9 +620,9 @@
"output": {
}
},
- "description": "The following creates a PostgreSQL-compatible DB cluster. ",
- "id": "to-create-a-postgresql--compatible-db-cluster-1679700161087",
- "title": "To create a PostgreSQL--compatible DB cluster"
+ "description": "The following example creates a PostgreSQL-compatible Aurora DB cluster.",
+ "id": "to-create-a-postgresql-compatible-db-cluster-1679700161087",
+ "title": "To create a PostgreSQL-compatible DB cluster"
}
],
"CreateDBClusterEndpoint": [
@@ -3908,14 +3908,14 @@
},
"comments": {
"input": {
- "DBInstance": "Some output omitted."
},
"output": {
+ "DBInstance": "Some output ommitted."
}
},
"description": "The following example associates an option group and a parameter group with a compatible Microsoft SQL Server DB instance. The ApplyImmediately parameter causes the option and parameter groups to be associated immediately, instead of waiting until the next maintenance window.",
- "id": "to-modify-parameters-in-a-db-cluster-parameter-group-1680377584537",
- "title": "To modify parameters in a DB cluster parameter group"
+ "id": "to-modify-a-db-instance-1680377584537",
+ "title": "To modify a DB instance"
}
],
"ModifyDBParameterGroup": [
diff --git a/models/apis/s3/2006-03-01/api-2.json b/models/apis/s3/2006-03-01/api-2.json
index a7af2abfe7f..581b4ad69af 100644
--- a/models/apis/s3/2006-03-01/api-2.json
+++ b/models/apis/s3/2006-03-01/api-2.json
@@ -5707,7 +5707,8 @@
"INTELLIGENT_TIERING",
"DEEP_ARCHIVE",
"OUTPOSTS",
- "GLACIER_IR"
+ "GLACIER_IR",
+ "SNOW"
]
},
"ObjectVersion":{
@@ -7817,7 +7818,8 @@
"GLACIER",
"DEEP_ARCHIVE",
"OUTPOSTS",
- "GLACIER_IR"
+ "GLACIER_IR",
+ "SNOW"
]
},
"StorageClassAnalysis":{
diff --git a/models/apis/s3/2006-03-01/docs-2.json b/models/apis/s3/2006-03-01/docs-2.json
index 0b28999ed47..190b9f6ef25 100644
--- a/models/apis/s3/2006-03-01/docs-2.json
+++ b/models/apis/s3/2006-03-01/docs-2.json
@@ -3,14 +3,14 @@
"service": "",
"operations": {
"AbortMultipartUpload": "This action aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.
To verify that all parts have been removed, so you don't get charged for the part storage, you should call the ListParts action and ensure that the parts list is empty.
For information about permissions required to use the multipart upload, see Multipart Upload and Permissions.
The following operations are related to AbortMultipartUpload:
",
- "CompleteMultipartUpload": "Completes a multipart upload by assembling previously uploaded parts.
You first initiate the multipart upload and then upload all parts using the UploadPart operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the ETag value, returned after that part was uploaded.
Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).
Note that if CompleteMultipartUpload fails, applications should be prepared to retry the failed requests. For more information, see Amazon S3 Error Best Practices.
You cannot use Content-Type: application/x-www-form-urlencoded with Complete Multipart Upload requests. Also, if you do not provide a Content-Type header, CompleteMultipartUpload returns a 200 OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload.
For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions.
CompleteMultipartUpload has the following special errors:
The following operations are related to CompleteMultipartUpload:
",
- "CopyObject": "Creates a copy of an object that is already stored in Amazon S3.
You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.
All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.
A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error. If you call the S3 API directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throws an exception (or, for the SDKs that don't use exceptions, they return the error).
If the copy is successful, you receive a response with information about the copied object.
If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.
The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.
Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
Metadata
When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.
To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the x-amz-metadata-directive header. When you grant permissions, you can use the s3:x-amz-metadata-directive condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.
x-amz-website-redirect-location is unique to each object and must be specified in the request headers to copy the value.
x-amz-copy-source-if Headers
To only copy an object under certain conditions, such as whether the Etag matches or whether the object was modified before or after a specified date, use the following request parameters:
-
x-amz-copy-source-if-match
-
x-amz-copy-source-if-none-match
-
x-amz-copy-source-if-unmodified-since
-
x-amz-copy-source-if-modified-since
If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are present in the request and evaluate as follows, Amazon S3 returns 200 OK and copies the data:
If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers are present in the request and evaluate as follows, Amazon S3 returns the 412 Precondition Failed response code:
All headers with the x-amz- prefix, including x-amz-copy-source, must be signed.
Server-side encryption
Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can use other appropriate encryption-related headers to encrypt the target object with a KMS key, an Amazon S3 managed key, or a customer-provided key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If the source object for the copy is stored in Amazon S3 using SSE-C, you must provide the necessary encryption information in your request so that Amazon S3 can decrypt the object for copying. For more information about server-side encryption, see Using Server-Side Encryption.
If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Access Control List (ACL)-Specific Request Headers
When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.
If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format.
For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.
Checksums
When copying an object, if it has a checksum, that checksum will be copied to the new object by default. When you copy the object over, you may optionally specify a different checksum algorithm to use with the x-amz-checksum-algorithm header.
Storage Class Options
You can use the CopyObject action to change the storage class of an object that is already stored in Amazon S3 using the StorageClass parameter. For more information, see Storage Classes in the Amazon S3 User Guide.
Versioning
By default, x-amz-copy-source identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the versionId subresource.
If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the x-amz-version-id response header in the response.
If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.
If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.
The following operations are related to CopyObject:
For more information, see Copying Objects.
",
+ "CompleteMultipartUpload": "Completes a multipart upload by assembling previously uploaded parts.
You first initiate the multipart upload and then upload all parts using the UploadPart operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the ETag value, returned after that part was uploaded.
Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. Because a request could fail after the initial 200 OK response has been sent, it is important that you check the response body to determine whether the request succeeded.
Note that if CompleteMultipartUpload fails, applications should be prepared to retry the failed requests. For more information, see Amazon S3 Error Best Practices.
You cannot use Content-Type: application/x-www-form-urlencoded with Complete Multipart Upload requests. Also, if you do not provide a Content-Type header, CompleteMultipartUpload returns a 200 OK response.
For more information about multipart uploads, see Uploading Objects Using Multipart Upload.
For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions.
CompleteMultipartUpload has the following special errors:
The following operations are related to CompleteMultipartUpload:
",
+ "CopyObject": "Creates a copy of an object that is already stored in Amazon S3.
You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.
All copy requests must be authenticated. Additionally, you must have read access to the source object and write access to the destination bucket. For more information, see REST Authentication. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.
A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error. Design your application to parse the contents of the response and handle it appropriately.
If the copy is successful, you receive a response with information about the copied object.
If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.
The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see Amazon S3 pricing.
Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
Metadata
When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see Using ACLs.
To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the x-amz-metadata-directive header. When you grant permissions, you can use the s3:x-amz-metadata-directive condition key to enforce certain metadata behavior when objects are uploaded. For more information, see Specifying Conditions in a Policy in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition keys, see Actions, Resources, and Condition Keys for Amazon S3.
x-amz-copy-source-if Headers
To only copy an object under certain conditions, such as whether the Etag matches or whether the object was modified before or after a specified date, use the following request parameters:
-
x-amz-copy-source-if-match
-
x-amz-copy-source-if-none-match
-
x-amz-copy-source-if-unmodified-since
-
x-amz-copy-source-if-modified-since
If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are present in the request and evaluate as follows, Amazon S3 returns 200 OK and copies the data:
If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers are present in the request and evaluate as follows, Amazon S3 returns the 412 Precondition Failed response code:
All headers with the x-amz- prefix, including x-amz-copy-source, must be signed.
Server-side encryption
When you perform a CopyObject operation, you can optionally use the appropriate encryption-related headers to encrypt the object using server-side encryption with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption.
If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Access Control List (ACL)-Specific Request Headers
When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.
If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format.
For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.
Checksums
When copying an object, if it has a checksum, that checksum will be copied to the new object by default. When you copy the object over, you may optionally specify a different checksum algorithm to use with the x-amz-checksum-algorithm header.
Storage Class Options
You can use the CopyObject action to change the storage class of an object that is already stored in Amazon S3 using the StorageClass parameter. For more information, see Storage Classes in the Amazon S3 User Guide.
Versioning
By default, x-amz-copy-source identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the versionId subresource.
If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the x-amz-version-id response header in the response.
If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.
If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see RestoreObject.
The following operations are related to CopyObject:
For more information, see Copying Objects.
",
"CreateBucket": "Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.
Not every string is an acceptable bucket name. For information about bucket naming restrictions, see Bucket naming rules.
If you want to create an Amazon S3 on Outposts bucket, see Create Bucket.
By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket.
If you send your create bucket request to the s3.amazonaws.com endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets.
Access control lists (ACLs)
When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.
If your CreateBucket request sets bucket owner enforced for S3 Object Ownership and specifies a bucket ACL that provides access to an external Amazon Web Services account, your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership error code. For more information, see Controlling object ownership in the Amazon S3 User Guide.
There are two ways to grant the appropriate permissions using the request headers.
-
Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.
-
Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see Access control list (ACL) overview.
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-read header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:
x-amz-grant-read: id=\"11112222333\", id=\"444455556666\"
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
Permissions
In addition to s3:CreateBucket, the following permissions are required when your CreateBucket includes specific headers:
-
ACLs - If your CreateBucket request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are needed. If the ACL the CreateBucket request is private or doesn't specify any ACLs, only s3:CreateBucket permission is needed.
-
Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.
-
S3 Object Ownership - If your CreateBucket request includes the the x-amz-object-ownership header, s3:PutBucketOwnershipControls permission is required.
The following operations are related to CreateBucket:
",
- "CreateMultipartUpload": "This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.
For more information about multipart uploads, see Multipart Upload Overview.
If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.
For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.
For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).
After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.
Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using CreateMultipartUpload. you can request that Amazon S3 save the uploaded parts encrypted with server-side encryption with an Amazon S3 managed key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C).
To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.
For more information, see Protecting Data Using Server-Side Encryption.
- Access Permissions
-
When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:
-
Specify a canned ACL with the x-amz-acl request header. For more information, see Canned ACL.
-
Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
- Server-Side- Encryption-Specific Request Headers
-
Amazon S3 encrypts data by using server-side encryption with an Amazon S3 managed key (SSE-S3) by default. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can request that Amazon S3 encrypts data at rest by using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption keys (SSE-C).
-
Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.
-
x-amz-server-side-encryption
-
x-amz-server-side-encryption-aws-kms-key-id
-
x-amz-server-side-encryption-context
If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to protect the data.
All GET and PUT requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4.
For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.
-
Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request.
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C).
- Access-Control-List (ACL)-Specific Request Headers
-
You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:
-
Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.
-
Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use:
-
x-amz-grant-read
-
x-amz-grant-write
-
x-amz-grant-read-acp
-
x-amz-grant-write-acp
-
x-amz-grant-full-control
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-read header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:
x-amz-grant-read: id=\"11112222333\", id=\"444455556666\"
The following operations are related to CreateMultipartUpload:
",
+ "CreateMultipartUpload": "This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request.
For more information about multipart uploads, see Multipart Upload Overview.
If you have configured a lifecycle rule to abort incomplete multipart uploads, the upload must complete within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy.
For information about the permissions required to use the multipart upload API, see Multipart Upload and Permissions.
For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4).
After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stop charging you for storing them only after you either complete or abort a multipart upload.
You can optionally request server-side encryption. For server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You can provide your own encryption key, or use Amazon Web Services KMS keys or Amazon S3-managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the request to initiate the upload by using CreateMultipartUpload.
To perform a multipart upload with encryption using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions in the Amazon S3 User Guide.
If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role belongs to a different account than the key, then you must have the permissions on both the key policy and your IAM user or role.
For more information, see Protecting Data Using Server-Side Encryption.
- Access Permissions
-
When copying an object, you can optionally specify the accounts or groups that should be granted specific permissions on the new object. There are two ways to grant the permissions using the request headers:
-
Specify a canned ACL with the x-amz-acl request header. For more information, see Canned ACL.
-
Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
- Server-Side- Encryption-Specific Request Headers
-
You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption. Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. The option you use depends on whether you want to use Amazon Web Services managed encryption keys or provide your own encryption key.
-
Use encryption keys managed by Amazon S3 or customer managed key stored in Amazon Web Services Key Management Service (Amazon Web Services KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.
-
x-amz-server-side-encryption
-
x-amz-server-side-encryption-aws-kms-key-id
-
x-amz-server-side-encryption-context
If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key in Amazon Web Services KMS to protect the data.
All GET and PUT requests for an object protected by Amazon Web Services KMS fail if you don't make them with SSL or by using SigV4.
For more information about server-side encryption with KMS key (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.
-
Use customer-provided encryption keys – If you want to manage your own encryption keys, provide all the following headers in the request.
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys.
- Access-Control-List (ACL)-Specific Request Headers
-
You also can use the following access control–related headers with this operation. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the access control list (ACL) on the object. For more information, see Using ACLs. With this operation, you can grant access permissions using one of the following two methods:
-
Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. For more information, see Canned ACL.
-
Specify access permissions explicitly — To explicitly grant access permissions to specific Amazon Web Services accounts or groups, use the following headers. Each header maps to specific permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview. In the header, you specify a list of grantees who get the specific permission. To grant permissions explicitly, use:
-
x-amz-grant-read
-
x-amz-grant-write
-
x-amz-grant-read-acp
-
x-amz-grant-write-acp
-
x-amz-grant-full-control
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-read header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:
x-amz-grant-read: id=\"11112222333\", id=\"444455556666\"
The following operations are related to CreateMultipartUpload:
",
"DeleteBucket": "Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted.
Related Resources
",
"DeleteBucketAnalyticsConfiguration": "Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).
To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.
The following operations are related to DeleteBucketAnalyticsConfiguration:
",
"DeleteBucketCors": "Deletes the cors configuration information set for the bucket.
To use this operation, you must have permission to perform the s3:PutBucketCORS action. The bucket owner has this permission by default and can grant this permission to others.
For information about cors, see Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.
Related Resources:
",
- "DeleteBucketEncryption": "This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.
Related Resources
",
+ "DeleteBucketEncryption": "This implementation of the DELETE action removes default encryption from the bucket. For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption in the Amazon S3 User Guide.
To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.
Related Resources
",
"DeleteBucketIntelligentTieringConfiguration": "Deletes the S3 Intelligent-Tiering configuration from the specified bucket.
The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.
The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.
For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.
Operations related to DeleteBucketIntelligentTieringConfiguration include:
",
"DeleteBucketInventoryConfiguration": "Deletes an inventory configuration (identified by the inventory ID) from the bucket.
To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.
Operations related to DeleteBucketInventoryConfiguration include:
",
"DeleteBucketLifecycle": "Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.
To use this operation, you must have permission to perform the s3:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the bucket owner can grant this permission to others.
There is usually some time lag before lifecycle configuration deletion is fully propagated to all the Amazon S3 systems.
For more information about the object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
",
@@ -20,60 +20,60 @@
"DeleteBucketReplication": " Deletes the replication configuration from the bucket.
To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
It can take a while for the deletion of a replication configuration to fully propagate.
For information about replication configuration, see Replication in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication:
",
"DeleteBucketTagging": "Deletes the tags from the bucket.
To use this operation, you must have permission to perform the s3:PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
The following operations are related to DeleteBucketTagging:
",
"DeleteBucketWebsite": "This action removes the website configuration for a bucket. Amazon S3 returns a 200 OK response upon successfully deleting a website configuration on the specified bucket. You will get a 200 OK response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a 404 response if the bucket specified in the request does not exist.
This DELETE action requires the S3:DeleteBucketWebsite permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite permission.
For more information about hosting websites, see Hosting Websites on Amazon S3.
The following operations are related to DeleteBucketWebsite:
",
- "DeleteObject": "Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.
To remove a specific version, you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, to true.
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS.
For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.
You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.
The following action is related to DeleteObject:
",
- "DeleteObjectTagging": "Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.
To use this operation, you must have permission to perform the s3:DeleteObjectTagging action.
To delete tags of a specific object version, add the versionId query parameter in the request. You will need permission for the s3:DeleteObjectVersionTagging action.
The following operations are related to DeleteObjectTagging:
",
+ "DeleteObject": "Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest version of the object. If there isn't a null version, Amazon S3 does not remove any objects but will still respond that the command was successful.
To remove a specific version, you must be the bucket owner and you must use the version Id subresource. Using this subresource permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, to true.
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS.
For more information about MFA Delete, see Using MFA Delete. To see sample requests that use versioning, see Sample Request.
You can delete objects by explicitly calling DELETE Object or configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.
The following action is related to DeleteObject:
",
+ "DeleteObjectTagging": "Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.
To use this operation, you must have permission to perform the s3:DeleteObjectTagging action.
To delete tags of a specific object version, add the versionId query parameter in the request. You will need permission for the s3:DeleteObjectVersionTagging action.
The following operations are related to DeleteBucketMetricsConfiguration:
",
"DeleteObjects": "This action enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this action provides a suitable alternative to sending individual delete requests, reducing per-request overhead.
The request contains a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete action and returns the result of that delete, success, or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.
The action supports two modes for the response: verbose and quiet. By default, the action uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete action encountered an error. For a successful deletion, the action does not return any information about the delete in the response body.
When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete.
Finally, the Content-MD5 header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
The following operations are related to DeleteObjects:
",
"DeletePublicAccessBlock": "Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
The following operations are related to DeletePublicAccessBlock:
",
"GetBucketAccelerateConfiguration": "This implementation of the GET action uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to and from Amazon S3.
To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.
You set the Transfer Acceleration state of an existing bucket to Enabled or Suspended by using the PutBucketAccelerateConfiguration operation.
A GET accelerate request does not return a state value for a bucket that has no transfer acceleration state. A bucket has no Transfer Acceleration state if a state has never been set on the bucket.
For more information about transfer acceleration, see Transfer Acceleration in the Amazon S3 User Guide.
Related Resources
",
- "GetBucketAcl": "This implementation of the GET action uses the acl subresource to return the access control list (ACL) of a bucket. To use GET to return the ACL of the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.
Related Resources
",
+ "GetBucketAcl": "This implementation of the GET action uses the acl subresource to return the access control list (ACL) of a bucket. To use GET to return the ACL of the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.
Related Resources
",
"GetBucketAnalyticsConfiguration": "This implementation of the GET action returns an analytics configuration (identified by the analytics configuration ID) from the bucket.
To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis in the Amazon S3 User Guide.
Related Resources
",
- "GetBucketCors": "Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.
To use this operation, you must have permission to perform the s3:GetBucketCORS action. By default, the bucket owner has this permission and can grant it to others.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
For more information about CORS, see Enabling Cross-Origin Resource Sharing.
The following operations are related to GetBucketCors:
",
- "GetBucketEncryption": "Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
The following operations are related to GetBucketEncryption:
",
+ "GetBucketCors": "Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.
To use this operation, you must have permission to perform the s3:GetBucketCORS action. By default, the bucket owner has this permission and can grant it to others.
For more information about CORS, see Enabling Cross-Origin Resource Sharing.
The following operations are related to GetBucketCors:
",
+ "GetBucketEncryption": "Returns the default encryption configuration for an Amazon S3 bucket. If the bucket does not have a default encryption configuration, GetBucketEncryption returns ServerSideEncryptionConfigurationNotFoundError.
For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption.
To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
The following operations are related to GetBucketEncryption:
",
"GetBucketIntelligentTieringConfiguration": "Gets the S3 Intelligent-Tiering configuration from the specified bucket.
The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.
The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.
For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.
Operations related to GetBucketIntelligentTieringConfiguration include:
",
"GetBucketInventoryConfiguration": "Returns an inventory configuration (identified by the inventory configuration ID) from the bucket.
To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.
The following operations are related to GetBucketInventoryConfiguration:
",
"GetBucketLifecycle": " For an updated version of this API, see GetBucketLifecycleConfiguration. If you configured a bucket lifecycle using the filter element, you should see the updated version of this topic. This topic is provided for backward compatibility.
Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.
To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
GetBucketLifecycle has the following special error:
The following operations are related to GetBucketLifecycle:
",
"GetBucketLifecycleConfiguration": " Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The response describes the new filter element that you can use to specify a filter to select a subset of objects to which the rule applies. If you are using a previous version of the lifecycle configuration, it still works. For the earlier action, see GetBucketLifecycle.
Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.
To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration action. The bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
GetBucketLifecycleConfiguration has the following special error:
The following operations are related to GetBucketLifecycleConfiguration:
",
- "GetBucketLocation": "Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.
To use this implementation of the operation, you must be the bucket owner.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
For requests made using Amazon Web Services Signature Version 4 (SigV4), we recommend that you use HeadBucket to return the bucket Region instead of GetBucketLocation.
The following operations are related to GetBucketLocation:
",
- "GetBucketLogging": "Returns the logging status of a bucket and the permissions users have to view and modify that status.
The following operations are related to GetBucketLogging:
",
+ "GetBucketLocation": "Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.
To use this implementation of the operation, you must be the bucket owner.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
The following operations are related to GetBucketLocation:
",
+ "GetBucketLogging": "Returns the logging status of a bucket and the permissions users have to view and modify that status. To use GET, you must be the bucket owner.
The following operations are related to GetBucketLogging:
",
"GetBucketMetricsConfiguration": "Gets a metrics configuration (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.
To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.
The following operations are related to GetBucketMetricsConfiguration:
",
"GetBucketNotification": " No longer used, see GetBucketNotificationConfiguration.
",
- "GetBucketNotificationConfiguration": "Returns the notification configuration of a bucket.
If notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration element.
By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the s3:GetBucketNotification permission.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.
The following action is related to GetBucketNotification:
",
+ "GetBucketNotificationConfiguration": "Returns the notification configuration of a bucket.
If notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration element.
By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the s3:GetBucketNotification permission.
For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.
The following action is related to GetBucketNotification:
",
"GetBucketOwnershipControls": "Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.
For information about Amazon S3 Object Ownership, see Using Object Ownership.
The following operations are related to GetBucketOwnershipControls:
",
- "GetBucketPolicy": "Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
To use this API against an access point, provide the alias of the access point in place of the bucket name.
For more information about bucket policies, see Using Bucket Policies and User Policies.
The following action is related to GetBucketPolicy:
",
+ "GetBucketPolicy": "Returns the policy of a specified bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
The following action is related to GetBucketPolicy:
",
"GetBucketPolicyStatus": "Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.
For more information about when Amazon S3 considers a bucket public, see The Meaning of \"Public\".
The following operations are related to GetBucketPolicyStatus:
",
"GetBucketReplication": "Returns the replication configuration of a bucket.
It can take a while to propagate the put or delete a replication configuration to all Amazon S3 systems. Therefore, a get request soon after put or delete can return a wrong result.
For information about replication configuration, see Replication in the Amazon S3 User Guide.
This action requires permissions for the s3:GetReplicationConfiguration action. For more information about permissions, see Using Bucket Policies and User Policies.
If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication and Priority elements. The response also returns those elements.
For information about GetBucketReplication errors, see List of replication-related error codes
The following operations are related to GetBucketReplication:
",
"GetBucketRequestPayment": "Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see Requester Pays Buckets.
The following operations are related to GetBucketRequestPayment:
",
"GetBucketTagging": "Returns the tag set associated with the bucket.
To use this operation, you must have permission to perform the s3:GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
The following operations are related to GetBucketTagging:
",
"GetBucketVersioning": "Returns the versioning state of a bucket.
To retrieve the versioning state of a bucket, you must be the bucket owner.
This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is enabled, the bucket owner must use an authentication device to change the versioning state of the bucket.
The following operations are related to GetBucketVersioning:
",
"GetBucketWebsite": "Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see Hosting Websites on Amazon S3.
This GET action requires the S3:GetBucketWebsite permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the S3:GetBucketWebsite permission.
The following operations are related to DeleteBucketWebsite:
",
- "GetObject": "Retrieves objects from Amazon S3. To use GET, you must have READ access to the object. If you grant READ access to the anonymous user, you can return the object without using an authorization header.
An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.
To get an object from such a logical hierarchy, specify the full key name for the object in the GET operation. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the resource as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the resource as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification.
For more information about returning the ACL of an object, see GetObjectAcl.
If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an InvalidObjectState error. For information about restoring archived objects, see Restoring Archived Objects.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).
Assuming you have the relevant permission to read object tags, the response also returns the x-amz-tagging-count header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.
Permissions
You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 will return an HTTP status code 404 (\"no such key\") error.
-
If you don’t have the s3:ListBucket permission, Amazon S3 will return an HTTP status code 403 (\"access denied\") error.
Versioning
By default, the GET action returns the current version of an object. To return a different version, use the versionId subresource.
-
If you supply a versionId, you need the s3:GetObjectVersion permission to access a specific version of an object. If you request a specific version, you do not need to have the s3:GetObject permission. If you request the current version without a specific version ID, only s3:GetObject permission is required. s3:GetObjectVersion permission won't be required.
-
If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.
For more information about versioning, see PutBucketVersioning.
Overriding Response Header Values
There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.
You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are Content-Type, Content-Language, Expires, Cache-Control, Content-Disposition, and Content-Encoding. To override these header values in the GET response, you use the following request parameters.
You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.
-
response-content-type
-
response-content-language
-
response-expires
-
response-cache-control
-
response-content-disposition
-
response-content-encoding
Additional Considerations about Request Headers
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since condition evaluates to false; then, S3 returns 200 OK and the data requested.
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows: If-None-Match condition evaluates to false, and; If-Modified-Since condition evaluates to true; then, S3 returns 304 Not Modified response code.
For more information about conditional requests, see RFC 7232.
The following operations are related to GetObject:
",
+ "GetObject": "Retrieves objects from Amazon S3. To use GET, you must have READ access to the object. If you grant READ access to the anonymous user, you can return the object without using an authorization header.
An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.
To get an object from such a logical hierarchy, specify the full key name for the object in the GET operation. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the resource as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the resource as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification.
For more information about returning the ACL of an object, see GetObjectAcl.
If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this action returns an InvalidObjectStateError error. For information about restoring archived objects, see Restoring Archived Objects.
Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).
Assuming you have the relevant permission to read object tags, the response also returns the x-amz-tagging-count header that provides the count of number of tags associated with the object. You can use GetObjectTagging to retrieve the tag set associated with an object.
Permissions
You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 will return an HTTP status code 404 (\"no such key\") error.
-
If you don’t have the s3:ListBucket permission, Amazon S3 will return an HTTP status code 403 (\"access denied\") error.
Versioning
By default, the GET action returns the current version of an object. To return a different version, use the versionId subresource.
-
If you supply a versionId, you need the s3:GetObjectVersion permission to access a specific version of an object. If you request a specific version, you do not need to have the s3:GetObject permission.
-
If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.
For more information about versioning, see PutBucketVersioning.
Overriding Response Header Values
There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.
You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are Content-Type, Content-Language, Expires, Cache-Control, Content-Disposition, and Content-Encoding. To override these header values in the GET response, you use the following request parameters.
You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.
-
response-content-type
-
response-content-language
-
response-expires
-
response-cache-control
-
response-content-disposition
-
response-content-encoding
Additional Considerations about Request Headers
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since condition evaluates to false; then, S3 returns 200 OK and the data requested.
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows: If-None-Match condition evaluates to false, and; If-Modified-Since condition evaluates to true; then, S3 returns 304 Not Modified response code.
For more information about conditional requests, see RFC 7232.
The following operations are related to GetObject:
",
"GetObjectAcl": "Returns the access control list (ACL) of an object. To use this operation, you must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more information, see Mapping of ACL permissions and access policy permissions in the Amazon S3 User Guide
This action is not supported by Amazon S3 on Outposts.
Versioning
By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.
The following operations are related to GetObjectAcl:
",
- "GetObjectAttributes": "Retrieves all the metadata from an object without returning the object itself. This action is useful if you're interested only in an object's metadata. To use GetObjectAttributes, you must have READ access to the object.
GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
-
Encryption request headers, such as x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with Amazon Web Services KMS keys stored in Amazon Web Services Key Management Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 Bad Request error.
-
The last modified property in this case is the creation date of the object.
Consider the following when using request headers:
-
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:
-
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
For more information about conditional requests, see RFC 7232.
Permissions
The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.
-
If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.
The following actions are related to GetObjectAttributes:
",
+ "GetObjectAttributes": "Retrieves all the metadata from an object without returning the object itself. This action is useful if you're interested only in an object's metadata. To use GetObjectAttributes, you must have READ access to the object.
GetObjectAttributes combines the functionality of GetObjectAcl, GetObjectLegalHold, GetObjectLockConfiguration, GetObjectRetention, GetObjectTagging, HeadObject, and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
-
Encryption request headers, such as x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with Amazon Web Services KMS keys stored in Amazon Web Services Key Management Service (SSE-KMS) or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 Bad Request error.
-
The last modified property in this case is the creation date of the object.
Consider the following when using request headers:
-
If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:
-
If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
For more information about conditional requests, see RFC 7232.
Permissions
The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.
-
If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.
The following actions are related to GetObjectAttributes:
",
"GetObjectLegalHold": "Gets an object's current legal hold status. For more information, see Locking Objects.
This action is not supported by Amazon S3 on Outposts.
The following action is related to GetObjectLegalHold:
",
"GetObjectLockConfiguration": "Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.
The following action is related to GetObjectLockConfiguration:
",
"GetObjectRetention": "Retrieves an object's retention settings. For more information, see Locking Objects.
This action is not supported by Amazon S3 on Outposts.
The following action is related to GetObjectRetention:
",
"GetObjectTagging": "Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.
To use this operation, you must have permission to perform the s3:GetObjectTagging action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the s3:GetObjectVersionTagging action.
By default, the bucket owner has this permission and can grant this permission to others.
For information about the Amazon S3 object tagging feature, see Object Tagging.
The following actions are related to GetObjectTagging:
",
- "GetObjectTorrent": "Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files.
You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.
To use GET, you must have READ access to the object.
This action is not supported by Amazon S3 on Outposts.
The following action is related to GetObjectTorrent:
",
+ "GetObjectTorrent": "Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files. For more information about BitTorrent, see Using BitTorrent with Amazon S3.
You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.
To use GET, you must have READ access to the object.
This action is not supported by Amazon S3 on Outposts.
The following action is related to GetObjectTorrent:
",
"GetPublicAccessBlock": "Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.
When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock settings are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.
For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".
The following operations are related to GetPublicAccessBlock:
",
- "HeadBucket": "This action is useful to determine if a bucket exists and you have permission to access it. The action returns a 200 OK if the bucket exists and you have permission to access it.
If the bucket does not exist or you do not have permission to access it, the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 Not Found code. A message body is not included, so you cannot determine the exception beyond these error codes.
To use this operation, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
To use this API against an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using the Amazon Web Services SDKs, you provide the ARN in place of the bucket name. For more information see, Using access points.
",
- "HeadObject": "The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.
A HEAD request has the same options as a GET action on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic 400 Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve the exact exception beyond these error codes.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).
-
Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.
-
The last modified property in this case is the creation date of the object.
Request headers are limited to 8 KB in size. For more information, see Common Request Headers.
Consider the following when using request headers:
-
Consideration 1 – If both of the If-Match and If-Unmodified-Since headers are present in the request as follows:
Then Amazon S3 returns 200 OK and the data requested.
-
Consideration 2 – If both of the If-None-Match and If-Modified-Since headers are present in the request as follows:
Then Amazon S3 returns the 304 Not Modified response code.
For more information about conditional requests, see RFC 7232.
Permissions
You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 (\"no such key\") error.
-
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 (\"access denied\") error.
The following actions are related to HeadObject:
",
+ "HeadBucket": "This action is useful to determine if a bucket exists and you have permission to access it. The action returns a 200 OK if the bucket exists and you have permission to access it.
If the bucket does not exist or you do not have permission to access it, the HEAD request returns a generic 404 Not Found or 403 Forbidden code. A message body is not included, so you cannot determine the exception beyond these error codes.
To use this operation, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
To use this API against an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using the Amazon Web Services SDKs, you provide the ARN in place of the bucket name. For more information see, Using access points.
",
+ "HeadObject": "The HEAD action retrieves metadata from an object without returning the object itself. This action is useful if you're only interested in an object's metadata. To use HEAD, you must have READ access to the object.
A HEAD request has the same options as a GET action on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic 404 Not Found or 403 Forbidden code. It is not possible to retrieve the exact exception beyond these error codes.
If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers:
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys).
-
Encryption request headers, like x-amz-server-side-encryption, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.
-
The last modified property in this case is the creation date of the object.
Request headers are limited to 8 KB in size. For more information, see Common Request Headers.
Consider the following when using request headers:
-
Consideration 1 – If both of the If-Match and If-Unmodified-Since headers are present in the request as follows:
Then Amazon S3 returns 200 OK and the data requested.
-
Consideration 2 – If both of the If-None-Match and If-Modified-Since headers are present in the request as follows:
Then Amazon S3 returns the 304 Not Modified response code.
For more information about conditional requests, see RFC 7232.
Permissions
You need the relevant read object (or version) permission for this operation. For more information, see Specifying Permissions in a Policy. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.
-
If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 (\"no such key\") error.
-
If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 (\"access denied\") error.
The following actions are related to HeadObject:
",
"ListBucketAnalyticsConfigurations": "Lists the analytics configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.
This action supports list pagination and does not return more than 100 configurations at a time. You should always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there will be a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.
To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.
The following operations are related to ListBucketAnalyticsConfigurations:
",
"ListBucketIntelligentTieringConfigurations": "Lists the S3 Intelligent-Tiering configuration from the specified bucket.
The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.
The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.
For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.
Operations related to ListBucketIntelligentTieringConfigurations include:
",
"ListBucketInventoryConfigurations": "Returns a list of inventory configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.
This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.
To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
The following operations are related to ListBucketInventoryConfigurations:
",
"ListBucketMetricsConfigurations": "Lists the metrics configurations for the bucket. The metrics configurations are only for the request metrics of the bucket and do not provide information on daily storage metrics. You can have up to 1,000 configurations per bucket.
This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.
To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
For more information about metrics configurations and CloudWatch request metrics, see Monitoring Metrics with Amazon CloudWatch.
The following operations are related to ListBucketMetricsConfigurations:
",
- "ListBuckets": "Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the s3:ListAllMyBuckets permission.
For information about Amazon S3 buckets, see Creating, configuring, and working with Amazon S3 buckets.
",
+ "ListBuckets": "Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the s3:ListAllMyBuckets permission.
",
"ListMultipartUploads": "This action lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.
This action returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the maximum number of uploads a response can include, which is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads parameter in the response. If additional multipart uploads satisfy the list criteria, the response will contain an IsTruncated element with the value true. To list the additional multipart uploads, use the key-marker and upload-id-marker request parameters.
In the response, the uploads are sorted by key. If your application has initiated more than one multipart upload using the same object key, then uploads in the response are first sorted by key. Additionally, uploads are sorted in ascending order within each key by the upload initiation time.
For more information on multipart uploads, see Uploading Objects Using Multipart Upload.
For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.
The following operations are related to ListMultipartUploads:
",
"ListObjectVersions": "Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.
To use this operation, you must have permissions to perform the s3:ListBucketVersions action. Be aware of the name difference.
A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.
To use this operation, you must have READ access to the bucket.
This action is not supported by Amazon S3 on Outposts.
The following operations are related to ListObjectVersions:
",
"ListObjects": "Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.
This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support ListObjects.
The following operations are related to ListObjects:
",
"ListObjectsV2": "Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. Objects are returned sorted in an ascending order of the respective key names in the list. For more information about listing objects, see Listing object keys programmatically
To use this operation, you must have READ access to the bucket.
To use this action in an Identity and Access Management (IAM) policy, you must have permissions to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
This section describes the latest revision of this action. We recommend that you use this revised API for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API, ListObjects.
To get a list of your buckets, see ListBuckets.
The following operations are related to ListObjectsV2:
",
"ListParts": "Lists the parts that have been uploaded for a specific multipart upload. This operation must include the upload ID, which you obtain by sending the initiate multipart upload request (see CreateMultipartUpload). This request returns a maximum of 1,000 uploaded parts. The default number of parts returned is 1,000 parts. You can restrict the number of parts returned by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. In subsequent ListParts requests you can include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.
If the upload was created using a checksum algorithm, you will need to have permission to the kms:Decrypt action for the request to succeed.
For more information on multipart uploads, see Uploading Objects Using Multipart Upload.
For information on permissions required to use the multipart upload API, see Multipart Upload and Permissions.
The following operations are related to ListParts:
",
"PutBucketAccelerateConfiguration": "Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to Amazon S3.
To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
The Transfer Acceleration state of a bucket can be set to one of the following two values:
The GetBucketAccelerateConfiguration action returns the transfer acceleration state of a bucket.
After setting the Transfer Acceleration state of a bucket to Enabled, it might take up to thirty minutes before the data transfer rates to the bucket increase.
The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods (\".\").
For more information about transfer acceleration, see Transfer Acceleration.
The following operations are related to PutBucketAccelerateConfiguration:
",
- "PutBucketAcl": "Sets the permissions on an existing bucket using access control lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have WRITE_ACP permission.
You can use one of the following two ways to set a bucket's permissions:
You cannot specify access permission using both the body and the request headers.
Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
Access Permissions
You can set access permissions using one of the following methods:
-
Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.
-
Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-write header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.
x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\"
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:
-
By the person's ID:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>
DisplayName is optional and ignored in the request
-
By URI:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-
By Email address:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>&</Grantee>
The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
Related Resources
",
+ "PutBucketAcl": "Sets the permissions on an existing bucket using access control lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have WRITE_ACP permission.
You can use one of the following two ways to set a bucket's permissions:
You cannot specify access permission using both the body and the request headers.
Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
Access Permissions
You can set access permissions using one of the following methods:
-
Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.
-
Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-write header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.
x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\"
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:
-
By the person's ID:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>
DisplayName is optional and ignored in the request
-
By URI:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-
By Email address:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>
The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
Related Resources
",
"PutBucketAnalyticsConfiguration": "Sets an analytics configuration for the bucket (specified by the analytics configuration ID). You can have up to 1,000 analytics configurations per bucket.
You can choose to have storage class analysis export analysis reports sent to a comma-separated values (CSV) flat file. See the DataExport request element. Reports are updated daily and are based on the object filters that you configure. When selecting data export, you specify a destination bucket and an optional destination prefix where the file is written. You can export the data to a destination bucket in a different account. However, the destination bucket must be in the same Region as the bucket that you are making the PUT analytics configuration to. For more information, see Amazon S3 Analytics – Storage Class Analysis.
You must create a bucket policy on the destination bucket where the exported file is written to grant permissions to Amazon S3 to write objects to the bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
Special Errors
-
-
-
HTTP Error: HTTP 400 Bad Request
-
Code: TooManyConfigurations
-
Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.
-
-
HTTP Error: HTTP 403 Forbidden
-
Code: AccessDenied
-
Cause: You are not the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to set the configuration on the bucket.
Related Resources
",
"PutBucketCors": "Sets the cors configuration for your bucket. If the configuration exists, Amazon S3 replaces it.
To use this operation, you must be allowed to perform the s3:PutBucketCORS action. By default, the bucket owner has this permission and can grant it to others.
You set this configuration on a bucket so that the bucket can service cross-origin requests. For example, you might want to enable a request whose origin is http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com by using the browser's XMLHttpRequest capability.
To enable cross-origin resource sharing (CORS) on a bucket, you add the cors subresource to the bucket. The cors subresource is an XML document in which you configure rules that identify origins and the HTTP methods that can be executed on your bucket. The document is limited to 64 KB in size.
When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a bucket, it evaluates the cors configuration on the bucket and uses the first CORSRule rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met:
-
The request's Origin header must match AllowedOrigin elements.
-
The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method header in case of a pre-flight OPTIONS request must be one of the AllowedMethod elements.
-
Every header specified in the Access-Control-Request-Headers request header of a pre-flight request must match an AllowedHeader element.
For more information about CORS, go to Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.
Related Resources
",
- "PutBucketEncryption": "This action uses the encryption subresource to configure default encryption and Amazon S3 Bucket Keys for an existing bucket.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a customer-provided key (SSE-C). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about bucket default encryption, see Amazon S3 bucket default encryption in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Related Resources
",
+ "PutBucketEncryption": "This action uses the encryption subresource to configure default encryption and Amazon S3 Bucket Key for an existing bucket.
Default encryption for a bucket can use server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify default encryption using SSE-KMS, you can also configure Amazon S3 Bucket Key. When the default encryption is SSE-KMS, if you upload an object to the bucket and do not specify the KMS key to use for encryption, Amazon S3 uses the default Amazon Web Services managed KMS key for your account. For information about default encryption, see Amazon S3 default bucket encryption in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Related Resources
",
"PutBucketIntelligentTieringConfiguration": "Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.
The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.
The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.
For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.
Operations related to PutBucketIntelligentTieringConfiguration include:
You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier.
Special Errors
",
- "PutBucketInventoryConfiguration": "This implementation of the PUT action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.
Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.
When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.
You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
Permissions
To use this operation, you must have permission to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others.
The s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory report that includes all object metadata fields available and to specify the destination bucket to store the inventory. A user with read access to objects in the destination bucket can also access all object metadata fields that are available in the inventory report.
To restrict access to an inventory report, see Restricting access to an Amazon S3 Inventory report in the Amazon S3 User Guide. For more information about the metadata fields available in S3 Inventory, see Amazon S3 Inventory lists in the Amazon S3 User Guide. For more information about permissions, see Permissions related to bucket subresource operations and Identity and access management in Amazon S3 in the Amazon S3 User Guide.
Special Errors
Related Resources
",
+ "PutBucketInventoryConfiguration": "This implementation of the PUT action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.
Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.
When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.
You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Special Errors
Related Resources
",
"PutBucketLifecycle": " For an updated version of this API, see PutBucketLifecycleConfiguration. This version has been deprecated. Existing lifecycle configurations will work. For new lifecycle configurations, use the updated API.
Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Object Lifecycle Management in the Amazon S3 User Guide.
By default, all Amazon S3 resources, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration) are private. Only the resource owner, the Amazon Web Services account that created the resource, can access it. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, users must get the s3:PutLifecycleConfiguration permission.
You can also explicitly deny permissions. Explicit denial also supersedes any other permissions. If you want to prevent users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:
For more information about permissions, see Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.
For more examples of transitioning objects to storage classes such as STANDARD_IA or ONEZONE_IA, see Examples of Lifecycle Configuration.
Related Resources
-
GetBucketLifecycle(Deprecated)
-
GetBucketLifecycleConfiguration
-
RestoreObject
-
By default, a resource owner—in this case, a bucket owner, which is the Amazon Web Services account that created the bucket—can perform any of the operations. A resource owner can also grant others permission to perform the operation. For more information, see the following topics in the Amazon S3 User Guide:
",
"PutBucketLifecycleConfiguration": "Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.
Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, or a combination of both. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.
Rules
You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable. Each rule consists of the following:
-
Filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, or a combination of both.
-
Status whether the rule is in effect.
-
One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.
For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.
Permissions
By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must get the s3:PutLifecycleConfiguration permission.
You can also explicitly deny permissions. Explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:
For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.
The following are related to PutBucketLifecycleConfiguration:
",
"PutBucketLogging": "Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.
The bucket owner is automatically granted FULL_CONTROL to all logs. You use the Grantee request element to grant access to other people. The Permissions request element specifies the kind of access the grantee has to the logs.
If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the Grantee request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:
-
By the person's ID:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>
DisplayName is optional and ignored in the request.
-
By Email address:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>
The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.
-
By URI:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:
<BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\" />
For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.
For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.
The following operations are related to PutBucketLogging:
",
@@ -87,16 +87,16 @@
"PutBucketTagging": "Sets the tags for a bucket.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.
When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.
To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
PutBucketTagging has the following special errors:
-
Error code: InvalidTagError
-
Error code: MalformedXMLError
-
Error code: OperationAbortedError
-
Error code: InternalError
The following operations are related to PutBucketTagging:
",
"PutBucketVersioning": "Sets the versioning state of an existing bucket.
You can set the versioning state with one of the following values:
Enabled—Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended—Disables versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.
If the versioning state has never been set on a bucket, it has no versioning state; a GetBucketVersioning request does not return a versioning state value.
In order to enable MFA Delete, you must be the bucket owner. If you are the bucket owner and want to enable MFA Delete in the bucket versioning configuration, you must include the x-amz-mfa request header and the Status and the MfaDelete request elements in a request to set the versioning state of the bucket.
If you have an object expiration lifecycle policy in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.) For more information, see Lifecycle and Versioning.
Related Resources
",
"PutBucketWebsite": "Sets the configuration of the website that is specified in the website subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see Hosting Websites on Amazon S3.
This PUT action requires the S3:PutBucketWebsite permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the S3:PutBucketWebsite permission.
To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket.
-
WebsiteConfiguration
-
RedirectAllRequestsTo
-
HostName
-
Protocol
If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected.
Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see Configuring an Object Redirect in the Amazon S3 User Guide.
",
- "PutObject": "Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use PutObject to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock.
To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.
-
To successfully complete the PutObject request, you must have the s3:PutObject in your IAM permissions.
-
To successfully change the objects acl of your PutObject request, you must have the s3:PutObjectAcl in your IAM permissions.
-
To successfully set the tag-set with your PutObject request, you must have the s3:PutObjectTagging in your IAM permissions.
-
The Content-MD5 header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview in the Amazon S3 User Guide.
You have three mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at by rest using server-side encryption with other key options. For more information, see Using Server-Side Encryption.
When adding a new object, you can use headers to grant ACL-based permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. By default, all objects are private. Only the owner has full access control. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.
If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a 400 error with the error code AccessControlListNotSupported. For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.
By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.
If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects. For more information about versioning, see Adding Objects to Versioning Enabled Buckets. For information about returning the versioning state of a bucket, see GetBucketVersioning.
For more information about related Amazon S3 APIs, see the following:
",
+ "PutObject": "Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.
Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer or use versioning instead.
To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.
-
To successfully complete the PutObject request, you must have the s3:PutObject in your IAM permissions.
-
To successfully change the objects acl of your PutObject request, you must have the s3:PutObjectAcl in your IAM permissions.
-
The Content-MD5 header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview in the Amazon S3 User Guide.
Server-side Encryption
You can optionally request server-side encryption. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. You have the option to provide your own encryption key or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For more information, see Using Server-Side Encryption.
If you request server-side encryption using Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Access Control List (ACL)-Specific Request Headers
You can use headers to grant ACL- based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see Access Control List (ACL) Overview and Managing ACLs Using the REST API.
If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a 400 error with the error code AccessControlListNotSupported.
For more information, see Controlling ownership of objects and disabling ACLs in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.
Storage Class Options
By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.
Versioning
If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects.
For more information about versioning, see Adding Objects to Versioning Enabled Buckets. For information about returning the versioning state of a bucket, see GetBucketVersioning.
Related Resources
",
"PutObjectAcl": "Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have WRITE_ACP permission to set the ACL of an object. For more information, see What permissions can I grant? in the Amazon S3 User Guide.
This action is not supported by Amazon S3 on Outposts.
Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see Access Control List (ACL) Overview in the Amazon S3 User Guide.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
Access Permissions
You can set access permissions using one of the following methods:
-
Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.
-
Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.
You specify each grantee as a type=value pair, where the type is one of the following:
-
id – if the value specified is the canonical user ID of an Amazon Web Services account
-
uri – if you are granting permissions to a predefined group
-
emailAddress – if the value specified is the email address of an Amazon Web Services account
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
For example, the following x-amz-grant-read header grants list objects permission to the two Amazon Web Services accounts identified by their email addresses.
x-amz-grant-read: emailAddress=\"xyz@amazon.com\", emailAddress=\"abc@amazon.com\"
You can use either a canned ACL or specify access permissions explicitly. You cannot do both.
Grantee Values
You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:
-
By the person's ID:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>
DisplayName is optional and ignored in the request.
-
By URI:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>
-
By Email address:
<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>
The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.
Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
Versioning
The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the versionId subresource.
Related Resources
",
"PutObjectLegalHold": "Applies a legal hold configuration to the specified object. For more information, see Locking Objects.
This action is not supported by Amazon S3 on Outposts.
",
"PutObjectLockConfiguration": "Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.
-
The DefaultRetention settings require both a mode and a period.
-
The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
-
You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact Amazon Web Services Support.
",
"PutObjectRetention": "Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the s3:PutObjectRetention permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention permission.
This action is not supported by Amazon S3 on Outposts.
",
"PutObjectTagging": "Sets the supplied tag-set to an object that already exists in a bucket.
A tag is a key-value pair. You can associate tags with an object by sending a PUT request against the tagging subresource that is associated with the object. You can retrieve tags by sending a GET request. For more information, see GetObjectTagging.
For tagging-related restrictions related to characters and encodings, see Tag Restrictions. Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
To use this operation, you must have permission to perform the s3:PutObjectTagging action. By default, the bucket owner has this permission and can grant this permission to others.
To put tags of any other version, use the versionId query parameter. You also need permission for the s3:PutObjectVersionTagging action.
For information about the Amazon S3 object tagging feature, see Object Tagging.
Special Errors
Related Resources
",
"PutPublicAccessBlock": "Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.
When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.
For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".
Related Resources
",
- "RestoreObject": "Restores an archived copy of an object back into Amazon S3
This action is not supported by Amazon S3 on Outposts.
This action performs the following types of requests:
To use this operation, you must have permissions to perform the s3:RestoreObject action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
For more information about the S3 structure in the request body, see the following:
When making a select request, you can also do the following:
-
To expedite your queries, specify the Expedited tier. For more information about tiers, see \"Restoring Archives,\" later in this topic.
-
Specify details about the data serialization format of both the input object that is being queried and the serialization of the CSV-encoded query results.
The following are additional important facts about the select feature:
-
The output results are new Amazon S3 objects. Unlike archive retrievals, they are stored until explicitly deleted-manually or through a lifecycle policy.
-
You can issue more than one select request on the same Amazon S3 object. Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
-
Amazon S3 accepts a select request even if the object has already been restored. A select request doesn’t return error response 409.
Restoring objects
Objects that you archive to the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes, you must first initiate a restore request, and then wait until a temporary copy of the object is available. If you want a permanent copy of the object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket. To access an archived object, you must restore the object for the duration (number of days) that you specify. For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier.
To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.
When restoring an archived object, you can specify one of the following data access tier options in the Tier element of the request body:
-
Expedited - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for a subset of archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
-
Standard - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.
-
Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost retrieval option when restoring objects from S3 Glacier Deep Archive. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
For more information about archive retrieval options and provisioned capacity for Expedited data access, see Restoring Archived Objects in the Amazon S3 User Guide.
You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.
To get the status of object restoration, you can send a HEAD request. Operations return the x-amz-restore header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.
After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.
If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.
Responses
A successful action returns either the 200 OK or 202 Accepted status code.
-
If the object is not previously restored, then Amazon S3 returns 202 Accepted in the response.
-
If the object is previously restored, Amazon S3 returns 200 OK in the response.
Special Errors
-
-
Code: RestoreAlreadyInProgress
-
Cause: Object restore is already in progress. (This error does not apply to SELECT type requests.)
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: GlacierExpeditedRetrievalNotAvailable
-
Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)
-
HTTP Status Code: 503
-
SOAP Fault Code Prefix: N/A
Related Resources
",
- "SelectObjectContent": "This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.
This action is not supported by Amazon S3 on Outposts.
For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.
Permissions
You must have s3:GetObject permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see Specifying Permissions in a Policy in the Amazon S3 User Guide.
Object Data Formats
You can use Amazon S3 Select to query objects that have the following format properties:
-
CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
-
UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
-
GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.
-
Server-side encryption - Amazon S3 Select supports querying objects that are protected with server-side encryption.
For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
For objects that are encrypted with Amazon S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User Guide.
Working with the Response Body
Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a Transfer-Encoding header with chunked as its value in the response. For more information, see Appendix: SelectObjectContent Response.
GetObject Support
The SelectObjectContent action does not support the following GetObject functionality. For more information, see GetObject.
-
Range: Although you can specify a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you cannot specify the range of bytes of an object to return.
-
GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. For more information, about storage classes see Storage Classes in the Amazon S3 User Guide.
Special Errors
For a list of special errors for this operation, see List of SELECT Object Content Error Codes
Related Resources
",
- "UploadPart": "Uploads a part in a multipart upload.
In this operation, you provide part data in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier, that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
To ensure that data is not corrupted when traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error.
If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
For information on the permissions required to use the multipart upload API, go to Multipart Upload and Permissions in the Amazon S3 User Guide.
Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have three mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose to provide your own encryption key, the request headers you provide in the request must match the headers you used in the request to initiate the upload by using CreateMultipartUpload. For more information, go to Using Server-Side Encryption in the Amazon S3 User Guide.
Server-side encryption is supported by the S3 Multipart Upload actions. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you requested server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following headers.
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
Special Errors
-
-
Code: NoSuchUpload
-
Cause: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
Related Resources
",
+ "RestoreObject": "Restores an archived copy of an object back into Amazon S3
This action is not supported by Amazon S3 on Outposts.
This action performs the following types of requests:
To use this operation, you must have permissions to perform the s3:RestoreObject action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Querying Archives with Select Requests
You use a select type of request to perform SQL queries on archived objects. The archived objects that are being queried by the select request must be formatted as uncompressed comma-separated values (CSV) files. You can run queries and custom analytics on your archived data without having to restore your data to a hotter Amazon S3 tier. For an overview about select requests, see Querying Archived Objects in the Amazon S3 User Guide.
When making a select request, do the following:
-
Define an output location for the select query's output. This must be an Amazon S3 bucket in the same Amazon Web Services Region as the bucket that contains the archive object that is being queried. The Amazon Web Services account that initiates the job must have permissions to write to the S3 bucket. You can specify the storage class and encryption for the output objects stored in the bucket. For more information about output, see Querying Archived Objects in the Amazon S3 User Guide.
For more information about the S3 structure in the request body, see the following:
-
Define the SQL expression for the SELECT type of restoration for your query in the request body's SelectParameters structure. You can use expressions like the following examples.
-
The following expression returns all records from the specified object.
SELECT * FROM Object
-
Assuming that you are not using any headers for data stored in the object, you can specify columns with positional headers.
SELECT s._1, s._2 FROM Object s WHERE s._3 > 100
-
If you have headers and you set the fileHeaderInfo in the CSV structure in the request body to USE, you can specify headers in the query. (If you set the fileHeaderInfo field to IGNORE, the first row is skipped for the query.) You cannot mix ordinal positions with header column names.
SELECT s.Id, s.FirstName, s.SSN FROM S3Object s
For more information about using SQL with S3 Glacier Select restore, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon S3 User Guide.
When making a select request, you can also do the following:
-
To expedite your queries, specify the Expedited tier. For more information about tiers, see \"Restoring Archives,\" later in this topic.
-
Specify details about the data serialization format of both the input object that is being queried and the serialization of the CSV-encoded query results.
The following are additional important facts about the select feature:
-
The output results are new Amazon S3 objects. Unlike archive retrievals, they are stored until explicitly deleted-manually or through a lifecycle policy.
-
You can issue more than one select request on the same Amazon S3 object. Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.
-
Amazon S3 accepts a select request even if the object has already been restored. A select request doesn’t return error response 409.
Restoring objects
Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers are not accessible in real time. For objects in Archive Access or Deep Archive Access tiers you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier. For objects in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate a restore request, and then wait until a temporary copy of the object is available. To access an archived object, you must restore the object for the duration (number of days) that you specify.
To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.
When restoring an archived object (or using a select request), you can specify one of the following data access tier options in the Tier element of the request body:
-
Expedited - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for a subset of archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
-
Standard - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.
-
Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, enabling you to retrieve large amounts, even petabytes, of data inexpensively. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.
For more information about archive retrieval options and provisioned capacity for Expedited data access, see Restoring Archived Objects in the Amazon S3 User Guide.
You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.
To get the status of object restoration, you can send a HEAD request. Operations return the x-amz-restore header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.
After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.
If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.
Responses
A successful action returns either the 200 OK or 202 Accepted status code.
-
If the object is not previously restored, then Amazon S3 returns 202 Accepted in the response.
-
If the object is previously restored, Amazon S3 returns 200 OK in the response.
Special Errors
-
-
Code: RestoreAlreadyInProgress
-
Cause: Object restore is already in progress. (This error does not apply to SELECT type requests.)
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: GlacierExpeditedRetrievalNotAvailable
-
Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)
-
HTTP Status Code: 503
-
SOAP Fault Code Prefix: N/A
Related Resources
",
+ "SelectObjectContent": "This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.
This action is not supported by Amazon S3 on Outposts.
For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.
For more information about using SQL with Amazon S3 Select, see SQL Reference for Amazon S3 Select and S3 Glacier Select in the Amazon S3 User Guide.
Permissions
You must have s3:GetObject permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see Specifying Permissions in a Policy in the Amazon S3 User Guide.
Object Data Formats
You can use Amazon S3 Select to query objects that have the following format properties:
-
CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
-
UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
-
GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.
-
Server-side encryption - Amazon S3 Select supports querying objects that are protected with server-side encryption.
For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.
For objects that are encrypted with Amazon S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User Guide.
Working with the Response Body
Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a Transfer-Encoding header with chunked as its value in the response. For more information, see Appendix: SelectObjectContent Response.
GetObject Support
The SelectObjectContent action does not support the following GetObject functionality. For more information, see GetObject.
-
Range: Although you can specify a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you cannot specify the range of bytes of an object to return.
-
GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. For more information, about storage classes see Storage Classes in the Amazon S3 User Guide.
Special Errors
For a list of special errors for this operation, see List of SELECT Object Content Error Codes
Related Resources
",
+ "UploadPart": "Uploads a part in a multipart upload.
In this operation, you provide part data in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier, that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
To ensure that data is not corrupted when traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error.
If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
For information on the permissions required to use the multipart upload API, go to Multipart Upload and Permissions in the Amazon S3 User Guide.
You can optionally request server-side encryption where Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. You have the option of providing your own encryption key, or you can use the Amazon Web Services managed encryption keys. If you choose to provide your own encryption key, the request headers you provide in the request must match the headers you used in the request to initiate the upload by using CreateMultipartUpload. For more information, go to Using Server-Side Encryption in the Amazon S3 User Guide.
Server-side encryption is supported by the S3 Multipart Upload actions. Unless you are using a customer-provided encryption key, you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you requested server-side encryption using a customer-provided encryption key in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following headers.
-
x-amz-server-side-encryption-customer-algorithm
-
x-amz-server-side-encryption-customer-key
-
x-amz-server-side-encryption-customer-key-MD5
Special Errors
-
-
Code: NoSuchUpload
-
Cause: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
Related Resources
",
"UploadPartCopy": "Uploads a part by copying data from an existing object as data source. You specify the data source by adding the request header x-amz-copy-source in your request and a byte range by adding the request header x-amz-copy-source-range in your request.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
Instead of using an existing object as part data, you might use the UploadPart action and provide data in your request.
You must initiate a multipart upload before you can upload any part. In response to your initiate request. Amazon S3 returns a unique identifier, the upload ID, that you must include in your upload part request.
For more information about using the UploadPartCopy operation, see the following:
-
For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
-
For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
-
For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.
-
For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.
Note the following additional considerations about the request headers x-amz-copy-source-if-match, x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and x-amz-copy-source-if-modified-since:
-
Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are present in the request as follows:
x-amz-copy-source-if-match condition evaluates to true, and;
x-amz-copy-source-if-unmodified-since condition evaluates to false;
Amazon S3 returns 200 OK and copies the data.
-
Consideration 2 - If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers are present in the request as follows:
x-amz-copy-source-if-none-match condition evaluates to false, and;
x-amz-copy-source-if-modified-since condition evaluates to true;
Amazon S3 returns 412 Precondition Failed response code.
Versioning
If your bucket has versioning enabled, you could have multiple versions of the same object. By default, x-amz-copy-source identifies the current version of the object to copy. If the current version is a delete marker and you don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404 error, because the object does not exist. If you specify versionId in the x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns an HTTP 400 error, because you are not allowed to specify a delete marker as a version for the x-amz-copy-source.
You can optionally specify a specific version of the source object to copy by adding the versionId subresource as shown in the following example:
x-amz-copy-source: /bucket/object?versionId=version id
Special Errors
-
-
Code: NoSuchUpload
-
Cause: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
-
HTTP Status Code: 404 Not Found
-
Related Resources
",
"WriteGetObjectResponse": "Passes transformed objects to a GetObject operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide.
This operation supports metadata that can be returned by GetObject, in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. The GetObject response metadata is supported so that the WriteGetObjectResponse caller, typically an Lambda function, can provide the same metadata when it internally invokes GetObject. When WriteGetObjectResponse is called by a customer-owned Lambda function, the metadata returned to the end user GetObject call might differ from what Amazon S3 would normally return.
You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header: MyCustomValue. The primary use case for this is to forward GetObject metadata.
Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda access point.
Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.
Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.
Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.
For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide.
"
},
@@ -453,15 +453,15 @@
"BucketName": {
"base": null,
"refs": {
- "AbortMultipartUploadRequest$Bucket": "The bucket name to which the upload was taking place.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "AbortMultipartUploadRequest$Bucket": "The bucket name to which the upload was taking place.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"AnalyticsS3BucketDestination$Bucket": "The Amazon Resource Name (ARN) of the bucket to which data is exported.
",
"Bucket$Name": "The name of the bucket.
",
- "CompleteMultipartUploadOutput$Bucket": "The name of the bucket that contains the newly created object. Does not return the access point ARN or access point alias if used.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "CompleteMultipartUploadRequest$Bucket": "Name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "CopyObjectRequest$Bucket": "The name of the destination bucket.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "CompleteMultipartUploadOutput$Bucket": "The name of the bucket that contains the newly created object. Does not return the access point ARN or access point alias if used.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "CompleteMultipartUploadRequest$Bucket": "Name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "CopyObjectRequest$Bucket": "The name of the destination bucket.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"CreateBucketRequest$Bucket": "The name of the bucket to create.
",
- "CreateMultipartUploadOutput$Bucket": "The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "CreateMultipartUploadRequest$Bucket": "The name of the bucket to which to initiate the upload
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "CreateMultipartUploadOutput$Bucket": "The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "CreateMultipartUploadRequest$Bucket": "The name of the bucket to which to initiate the upload
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"DeleteBucketAnalyticsConfigurationRequest$Bucket": "The name of the bucket from which an analytics configuration is deleted.
",
"DeleteBucketCorsRequest$Bucket": "Specifies the bucket whose cors configuration is being deleted.
",
"DeleteBucketEncryptionRequest$Bucket": "The name of the bucket containing the server-side encryption configuration to delete.
",
@@ -475,9 +475,9 @@
"DeleteBucketRequest$Bucket": "Specifies the bucket being deleted.
",
"DeleteBucketTaggingRequest$Bucket": "The bucket that has the tag set to be removed.
",
"DeleteBucketWebsiteRequest$Bucket": "The bucket name for which you want to remove the website configuration.
",
- "DeleteObjectRequest$Bucket": "The bucket name of the bucket containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "DeleteObjectTaggingRequest$Bucket": "The bucket name containing the objects from which to remove the tags.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "DeleteObjectsRequest$Bucket": "The bucket name containing the objects to delete.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "DeleteObjectRequest$Bucket": "The bucket name of the bucket containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "DeleteObjectTaggingRequest$Bucket": "The bucket name containing the objects from which to remove the tags.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "DeleteObjectsRequest$Bucket": "The bucket name containing the objects to delete.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"DeletePublicAccessBlockRequest$Bucket": "The Amazon S3 bucket whose PublicAccessBlock configuration you want to delete.
",
"Destination$Bucket": " The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results.
",
"GetBucketAccelerateConfigurationRequest$Bucket": "The name of the bucket for which the accelerate configuration is retrieved.
",
@@ -502,36 +502,36 @@
"GetBucketVersioningRequest$Bucket": "The name of the bucket for which to get the versioning information.
",
"GetBucketWebsiteRequest$Bucket": "The bucket name for which to get the website configuration.
",
"GetObjectAclRequest$Bucket": "The bucket name that contains the object for which to get the ACL information.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
- "GetObjectAttributesRequest$Bucket": "The name of the bucket that contains the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "GetObjectAttributesRequest$Bucket": "The name of the bucket that contains the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"GetObjectLegalHoldRequest$Bucket": "The bucket name containing the object whose legal hold status you want to retrieve.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
"GetObjectLockConfigurationRequest$Bucket": "The bucket whose Object Lock configuration you want to retrieve.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
- "GetObjectRequest$Bucket": "The bucket name containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "GetObjectRequest$Bucket": "The bucket name containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"GetObjectRetentionRequest$Bucket": "The bucket name containing the object whose retention settings you want to retrieve.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
- "GetObjectTaggingRequest$Bucket": "The bucket name containing the object for which to get the tagging information.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "GetObjectTaggingRequest$Bucket": "The bucket name containing the object for which to get the tagging information.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"GetObjectTorrentRequest$Bucket": "The name of the bucket containing the object for which to get the torrent files.
",
"GetPublicAccessBlockRequest$Bucket": "The name of the Amazon S3 bucket whose PublicAccessBlock configuration you want to retrieve.
",
- "HeadBucketRequest$Bucket": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "HeadObjectRequest$Bucket": "The name of the bucket containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "HeadBucketRequest$Bucket": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "HeadObjectRequest$Bucket": "The name of the bucket containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"InventoryS3BucketDestination$Bucket": "The Amazon Resource Name (ARN) of the bucket where inventory results will be published.
",
"ListBucketAnalyticsConfigurationsRequest$Bucket": "The name of the bucket from which analytics configurations are retrieved.
",
"ListBucketIntelligentTieringConfigurationsRequest$Bucket": "The name of the Amazon S3 bucket whose configuration you want to modify or retrieve.
",
"ListBucketInventoryConfigurationsRequest$Bucket": "The name of the bucket containing the inventory configurations to retrieve.
",
"ListBucketMetricsConfigurationsRequest$Bucket": "The name of the bucket containing the metrics configurations to retrieve.
",
"ListMultipartUploadsOutput$Bucket": "The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used.
",
- "ListMultipartUploadsRequest$Bucket": "The name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "ListMultipartUploadsRequest$Bucket": "The name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"ListObjectVersionsOutput$Name": "The bucket name.
",
"ListObjectVersionsRequest$Bucket": "The bucket name that contains the objects.
",
"ListObjectsOutput$Name": "The bucket name.
",
- "ListObjectsRequest$Bucket": "The name of the bucket containing the objects.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "ListObjectsV2Output$Name": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "ListObjectsV2Request$Bucket": "Bucket name to list.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "ListObjectsRequest$Bucket": "The name of the bucket containing the objects.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "ListObjectsV2Output$Name": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "ListObjectsV2Request$Bucket": "Bucket name to list.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"ListPartsOutput$Bucket": "The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used.
",
- "ListPartsRequest$Bucket": "The name of the bucket to which the parts are being uploaded.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "ListPartsRequest$Bucket": "The name of the bucket to which the parts are being uploaded.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"PutBucketAccelerateConfigurationRequest$Bucket": "The name of the bucket for which the accelerate configuration is set.
",
"PutBucketAclRequest$Bucket": "The bucket to which to apply the ACL.
",
"PutBucketAnalyticsConfigurationRequest$Bucket": "The name of the bucket to which an analytics configuration is stored.
",
"PutBucketCorsRequest$Bucket": "Specifies the bucket impacted by the corsconfiguration.
",
- "PutBucketEncryptionRequest$Bucket": "Specifies default encryption for a bucket using server-side encryption with different key options. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a customer-provided key (SSE-C). For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
",
+ "PutBucketEncryptionRequest$Bucket": "Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption in the Amazon S3 User Guide.
",
"PutBucketIntelligentTieringConfigurationRequest$Bucket": "The name of the Amazon S3 bucket whose configuration you want to modify or retrieve.
",
"PutBucketInventoryConfigurationRequest$Bucket": "The name of the bucket where the inventory configuration will be stored.
",
"PutBucketLifecycleConfigurationRequest$Bucket": "The name of the bucket for which to set the configuration.
",
@@ -550,15 +550,15 @@
"PutObjectAclRequest$Bucket": "The bucket name that contains the object to which you want to attach the ACL.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
"PutObjectLegalHoldRequest$Bucket": "The bucket name containing the object that you want to place a legal hold on.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
"PutObjectLockConfigurationRequest$Bucket": "The bucket whose Object Lock configuration you want to create or replace.
",
- "PutObjectRequest$Bucket": "The bucket name to which the PUT action was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "PutObjectRequest$Bucket": "The bucket name to which the PUT action was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"PutObjectRetentionRequest$Bucket": "The bucket name that contains the object you want to apply this Object Retention configuration to.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
",
- "PutObjectTaggingRequest$Bucket": "The bucket name containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "PutObjectTaggingRequest$Bucket": "The bucket name containing the object.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"PutPublicAccessBlockRequest$Bucket": "The name of the Amazon S3 bucket whose PublicAccessBlock configuration you want to set.
",
- "RestoreObjectRequest$Bucket": "The bucket name containing the object to restore.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "RestoreObjectRequest$Bucket": "The bucket name containing the object to restore.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"S3Location$BucketName": "The name of the bucket where the restore results will be placed.
",
"SelectObjectContentRequest$Bucket": "The S3 bucket.
",
- "UploadPartCopyRequest$Bucket": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
- "UploadPartRequest$Bucket": "The name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
"
+ "UploadPartCopyRequest$Bucket": "The bucket name.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
+ "UploadPartRequest$Bucket": "The name of the bucket to which the multipart upload was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
"
}
},
"BucketVersioningStatus": {
@@ -801,13 +801,13 @@
"Code": {
"base": null,
"refs": {
- "Error$Code": "The error code is a string that uniquely identifies an error condition. It is meant to be read and understood by programs that detect and handle errors by type.
Amazon S3 error codes
-
-
Code: AccessDenied
-
Description: Access Denied
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AccountProblem
-
Description: There is a problem with your Amazon Web Services account that prevents the action from completing successfully. Contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AllAccessDisabled
-
Description: All access to this Amazon S3 resource has been disabled. Contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AmbiguousGrantByEmailAddress
-
Description: The email address you provided is associated with more than one account.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: AuthorizationHeaderMalformed
-
Description: The authorization header you provided is invalid.
-
HTTP Status Code: 400 Bad Request
-
HTTP Status Code: N/A
-
-
Code: BadDigest
-
Description: The Content-MD5 you specified did not match what we received.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketAlreadyExists
-
Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketAlreadyOwnedByYou
-
Description: The bucket you tried to create already exists, and you own it. Amazon S3 returns this error in all Amazon Web Services Regions except in the North Virginia Region. For legacy compatibility, if you re-create an existing bucket that you already own in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket access control lists (ACLs).
-
Code: 409 Conflict (in all Regions except the North Virginia Region)
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketNotEmpty
-
Description: The bucket you tried to delete is not empty.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: CredentialsNotSupported
-
Description: This request does not support credentials.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: CrossLocationLoggingProhibited
-
Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: EntityTooSmall
-
Description: Your proposed upload is smaller than the minimum allowed object size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: EntityTooLarge
-
Description: Your proposed upload exceeds the maximum allowed object size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: ExpiredToken
-
Description: The provided token has expired.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IllegalVersioningConfigurationException
-
Description: Indicates that the versioning configuration specified in the request is invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IncompleteBody
-
Description: You did not provide the number of bytes specified by the Content-Length HTTP header
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IncorrectNumberOfFilesInPostRequest
-
Description: POST requires exactly one file upload per request.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InlineDataTooLarge
-
Description: Inline data exceeds the maximum allowed size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InternalError
-
Description: We encountered an internal error. Please try again.
-
HTTP Status Code: 500 Internal Server Error
-
SOAP Fault Code Prefix: Server
-
-
Code: InvalidAccessKeyId
-
Description: The Amazon Web Services access key ID you provided does not exist in our records.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidAddressingHeader
-
Description: You must specify the Anonymous role.
-
HTTP Status Code: N/A
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidArgument
-
Description: Invalid Argument
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidBucketName
-
Description: The specified bucket is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidBucketState
-
Description: The request is not valid with the current state of the bucket.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidDigest
-
Description: The Content-MD5 you specified is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidEncryptionAlgorithmError
-
Description: The encryption request you specified is not valid. The valid value is AES256.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidLocationConstraint
-
Description: The specified location constraint is not valid. For more information about Regions, see How to Select a Region for Your Buckets.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidObjectState
-
Description: The action is not valid for the current state of the object.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPart
-
Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPartOrder
-
Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPayer
-
Description: All access to this object has been disabled. Please contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPolicyDocument
-
Description: The content of the form does not meet the conditions specified in the policy document.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidRange
-
Description: The requested range cannot be satisfied.
-
HTTP Status Code: 416 Requested Range Not Satisfiable
-
SOAP Fault Code Prefix: Client
-
-
-
Code: InvalidRequest
-
Description: SOAP requests must be made over an HTTPS connection.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
-
-
-
-
-
-
-
Code: InvalidSecurity
-
Description: The provided security credentials are not valid.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidSOAPRequest
-
Description: The SOAP request body is invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidStorageClass
-
Description: The storage class you specified is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidTargetBucketForLogging
-
Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidToken
-
Description: The provided token is malformed or otherwise invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidURI
-
Description: Couldn't parse the specified URI.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: KeyTooLongError
-
Description: Your key is too long.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedACLError
-
Description: The XML you provided was not well-formed or did not validate against our published schema.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedPOSTRequest
-
Description: The body of your POST request is not well-formed multipart/form-data.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedXML
-
Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MaxMessageLengthExceeded
-
Description: Your request was too big.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MaxPostPreDataLengthExceededError
-
Description: Your POST request fields preceding the upload file were too large.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MetadataTooLarge
-
Description: Your metadata headers exceed the maximum allowed metadata size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MethodNotAllowed
-
Description: The specified method is not allowed against this resource.
-
HTTP Status Code: 405 Method Not Allowed
-
SOAP Fault Code Prefix: Client
-
-
-
Code: MissingContentLength
-
Description: You must provide the Content-Length HTTP header.
-
HTTP Status Code: 411 Length Required
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingRequestBodyError
-
Description: This happens when the user sends an empty XML document as a request. The error message is, \"Request body is empty.\"
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingSecurityElement
-
Description: The SOAP 1.1 request is missing a security element.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingSecurityHeader
-
Description: Your request is missing a required header.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: NoLoggingStatusForKey
-
Description: There is no such thing as a logging status subresource for a key.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchBucket
-
Description: The specified bucket does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchBucketPolicy
-
Description: The specified bucket does not have a bucket policy.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchKey
-
Description: The specified key does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchLifecycleConfiguration
-
Description: The lifecycle configuration does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchUpload
-
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchVersion
-
Description: Indicates that the version ID specified in the request does not match an existing version.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NotImplemented
-
Description: A header you provided implies functionality that is not implemented.
-
HTTP Status Code: 501 Not Implemented
-
SOAP Fault Code Prefix: Server
-
-
Code: NotSignedUp
-
Description: Your account is not signed up for the Amazon S3 service. You must sign up before you can use Amazon S3. You can sign up at the following URL: Amazon S3
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: OperationAborted
-
Description: A conflicting conditional action is currently in progress against this resource. Try again.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: PermanentRedirect
-
Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
-
HTTP Status Code: 301 Moved Permanently
-
SOAP Fault Code Prefix: Client
-
-
Code: PreconditionFailed
-
Description: At least one of the preconditions you specified did not hold.
-
HTTP Status Code: 412 Precondition Failed
-
SOAP Fault Code Prefix: Client
-
-
Code: Redirect
-
Description: Temporary redirect.
-
HTTP Status Code: 307 Moved Temporarily
-
SOAP Fault Code Prefix: Client
-
-
Code: RestoreAlreadyInProgress
-
Description: Object restore is already in progress.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestIsNotMultiPartContent
-
Description: Bucket POST must be of the enclosure-type multipart/form-data.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTimeout
-
Description: Your socket connection to the server was not read from or written to within the timeout period.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTimeTooSkewed
-
Description: The difference between the request time and the server's time is too large.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTorrentOfBucketError
-
Description: Requesting the torrent file of a bucket is not permitted.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: SignatureDoesNotMatch
-
Description: The request signature we calculated does not match the signature you provided. Check your Amazon Web Services secret access key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: ServiceUnavailable
-
Description: Service is unable to handle request.
-
HTTP Status Code: 503 Service Unavailable
-
SOAP Fault Code Prefix: Server
-
-
Code: SlowDown
-
Description: Reduce your request rate.
-
HTTP Status Code: 503 Slow Down
-
SOAP Fault Code Prefix: Server
-
-
Code: TemporaryRedirect
-
Description: You are being redirected to the bucket while DNS updates.
-
HTTP Status Code: 307 Moved Temporarily
-
SOAP Fault Code Prefix: Client
-
-
Code: TokenRefreshRequired
-
Description: The provided token must be refreshed.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: TooManyBuckets
-
Description: You have attempted to create more buckets than allowed.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UnexpectedContent
-
Description: This request does not support content.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UnresolvableGrantByEmailAddress
-
Description: The email address you provided does not match any account on record.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UserKeyMustBeSpecified
-
Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
"
+ "Error$Code": "The error code is a string that uniquely identifies an error condition. It is meant to be read and understood by programs that detect and handle errors by type.
Amazon S3 error codes
-
-
Code: AccessDenied
-
Description: Access Denied
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AccountProblem
-
Description: There is a problem with your Amazon Web Services account that prevents the action from completing successfully. Contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AllAccessDisabled
-
Description: All access to this Amazon S3 resource has been disabled. Contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: AmbiguousGrantByEmailAddress
-
Description: The email address you provided is associated with more than one account.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: AuthorizationHeaderMalformed
-
Description: The authorization header you provided is invalid.
-
HTTP Status Code: 400 Bad Request
-
HTTP Status Code: N/A
-
-
Code: BadDigest
-
Description: The Content-MD5 you specified did not match what we received.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketAlreadyExists
-
Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketAlreadyOwnedByYou
-
Description: The bucket you tried to create already exists, and you own it. Amazon S3 returns this error in all Amazon Web Services Regions except in the North Virginia Region. For legacy compatibility, if you re-create an existing bucket that you already own in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket access control lists (ACLs).
-
Code: 409 Conflict (in all Regions except the North Virginia Region)
-
SOAP Fault Code Prefix: Client
-
-
Code: BucketNotEmpty
-
Description: The bucket you tried to delete is not empty.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: CredentialsNotSupported
-
Description: This request does not support credentials.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: CrossLocationLoggingProhibited
-
Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: EntityTooSmall
-
Description: Your proposed upload is smaller than the minimum allowed object size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: EntityTooLarge
-
Description: Your proposed upload exceeds the maximum allowed object size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: ExpiredToken
-
Description: The provided token has expired.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IllegalVersioningConfigurationException
-
Description: Indicates that the versioning configuration specified in the request is invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IncompleteBody
-
Description: You did not provide the number of bytes specified by the Content-Length HTTP header
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: IncorrectNumberOfFilesInPostRequest
-
Description: POST requires exactly one file upload per request.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InlineDataTooLarge
-
Description: Inline data exceeds the maximum allowed size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InternalError
-
Description: We encountered an internal error. Please try again.
-
HTTP Status Code: 500 Internal Server Error
-
SOAP Fault Code Prefix: Server
-
-
Code: InvalidAccessKeyId
-
Description: The Amazon Web Services access key ID you provided does not exist in our records.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidAddressingHeader
-
Description: You must specify the Anonymous role.
-
HTTP Status Code: N/A
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidArgument
-
Description: Invalid Argument
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidBucketName
-
Description: The specified bucket is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidBucketState
-
Description: The request is not valid with the current state of the bucket.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidDigest
-
Description: The Content-MD5 you specified is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidEncryptionAlgorithmError
-
Description: The encryption request you specified is not valid. The valid value is AES256.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidLocationConstraint
-
Description: The specified location constraint is not valid. For more information about Regions, see How to Select a Region for Your Buckets.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidObjectState
-
Description: The action is not valid for the current state of the object.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPart
-
Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPartOrder
-
Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPayer
-
Description: All access to this object has been disabled. Please contact Amazon Web Services Support for further assistance.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidPolicyDocument
-
Description: The content of the form does not meet the conditions specified in the policy document.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidRange
-
Description: The requested range cannot be satisfied.
-
HTTP Status Code: 416 Requested Range Not Satisfiable
-
SOAP Fault Code Prefix: Client
-
-
-
Code: InvalidRequest
-
Description: SOAP requests must be made over an HTTPS connection.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
-
-
-
-
-
-
-
Code: InvalidSecurity
-
Description: The provided security credentials are not valid.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidSOAPRequest
-
Description: The SOAP request body is invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidStorageClass
-
Description: The storage class you specified is not valid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidTargetBucketForLogging
-
Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidToken
-
Description: The provided token is malformed or otherwise invalid.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: InvalidURI
-
Description: Couldn't parse the specified URI.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: KeyTooLongError
-
Description: Your key is too long.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedACLError
-
Description: The XML you provided was not well-formed or did not validate against our published schema.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedPOSTRequest
-
Description: The body of your POST request is not well-formed multipart/form-data.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MalformedXML
-
Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MaxMessageLengthExceeded
-
Description: Your request was too big.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MaxPostPreDataLengthExceededError
-
Description: Your POST request fields preceding the upload file were too large.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MetadataTooLarge
-
Description: Your metadata headers exceed the maximum allowed metadata size.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MethodNotAllowed
-
Description: The specified method is not allowed against this resource.
-
HTTP Status Code: 405 Method Not Allowed
-
SOAP Fault Code Prefix: Client
-
-
-
Code: MissingContentLength
-
Description: You must provide the Content-Length HTTP header.
-
HTTP Status Code: 411 Length Required
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingRequestBodyError
-
Description: This happens when the user sends an empty XML document as a request. The error message is, \"Request body is empty.\"
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingSecurityElement
-
Description: The SOAP 1.1 request is missing a security element.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: MissingSecurityHeader
-
Description: Your request is missing a required header.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: NoLoggingStatusForKey
-
Description: There is no such thing as a logging status subresource for a key.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchBucket
-
Description: The specified bucket does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchBucketPolicy
-
Description: The specified bucket does not have a bucket policy.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchKey
-
Description: The specified key does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchLifecycleConfiguration
-
Description: The lifecycle configuration does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchUpload
-
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NoSuchVersion
-
Description: Indicates that the version ID specified in the request does not match an existing version.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
-
Code: NotImplemented
-
Description: A header you provided implies functionality that is not implemented.
-
HTTP Status Code: 501 Not Implemented
-
SOAP Fault Code Prefix: Server
-
-
Code: NotSignedUp
-
Description: Your account is not signed up for the Amazon S3 service. You must sign up before you can use Amazon S3. You can sign up at the following URL: Amazon S3
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: OperationAborted
-
Description: A conflicting conditional action is currently in progress against this resource. Try again.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: PermanentRedirect
-
Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.
-
HTTP Status Code: 301 Moved Permanently
-
SOAP Fault Code Prefix: Client
-
-
Code: PreconditionFailed
-
Description: At least one of the preconditions you specified did not hold.
-
HTTP Status Code: 412 Precondition Failed
-
SOAP Fault Code Prefix: Client
-
-
Code: Redirect
-
Description: Temporary redirect.
-
HTTP Status Code: 307 Moved Temporarily
-
SOAP Fault Code Prefix: Client
-
-
Code: RestoreAlreadyInProgress
-
Description: Object restore is already in progress.
-
HTTP Status Code: 409 Conflict
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestIsNotMultiPartContent
-
Description: Bucket POST must be of the enclosure-type multipart/form-data.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTimeout
-
Description: Your socket connection to the server was not read from or written to within the timeout period.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTimeTooSkewed
-
Description: The difference between the request time and the server's time is too large.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: RequestTorrentOfBucketError
-
Description: Requesting the torrent file of a bucket is not permitted.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: SignatureDoesNotMatch
-
Description: The request signature we calculated does not match the signature you provided. Check your Amazon Web Services secret access key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
-
HTTP Status Code: 403 Forbidden
-
SOAP Fault Code Prefix: Client
-
-
Code: ServiceUnavailable
-
Description: Reduce your request rate.
-
HTTP Status Code: 503 Service Unavailable
-
SOAP Fault Code Prefix: Server
-
-
Code: SlowDown
-
Description: Reduce your request rate.
-
HTTP Status Code: 503 Slow Down
-
SOAP Fault Code Prefix: Server
-
-
Code: TemporaryRedirect
-
Description: You are being redirected to the bucket while DNS updates.
-
HTTP Status Code: 307 Moved Temporarily
-
SOAP Fault Code Prefix: Client
-
-
Code: TokenRefreshRequired
-
Description: The provided token must be refreshed.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: TooManyBuckets
-
Description: You have attempted to create more buckets than allowed.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UnexpectedContent
-
Description: This request does not support content.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UnresolvableGrantByEmailAddress
-
Description: The email address you provided does not match any account on record.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
-
-
Code: UserKeyMustBeSpecified
-
Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.
-
HTTP Status Code: 400 Bad Request
-
SOAP Fault Code Prefix: Client
"
}
},
"Comments": {
"base": null,
"refs": {
- "CSVInput$Comments": "A single character used to indicate that a row should be ignored when the character is present at the start of that row. You can specify any character to indicate a comment line. The default character is #.
Default: #
"
+ "CSVInput$Comments": "A single character used to indicate that a row should be ignored when the character is present at the start of that row. You can specify any character to indicate a comment line.
"
}
},
"CommonPrefix": {
@@ -878,7 +878,7 @@
"CreateMultipartUploadRequest$ContentDisposition": "Specifies presentational information for the object.
",
"GetObjectOutput$ContentDisposition": "Specifies presentational information for the object.
",
"HeadObjectOutput$ContentDisposition": "Specifies presentational information for the object.
",
- "PutObjectRequest$ContentDisposition": "Specifies presentational information for the object. For more information, see https://www.rfc-editor.org/rfc/rfc6266#section-4.
",
+ "PutObjectRequest$ContentDisposition": "Specifies presentational information for the object. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1.
",
"WriteGetObjectResponseRequest$ContentDisposition": "Specifies presentational information for the object.
"
}
},
@@ -889,7 +889,7 @@
"CreateMultipartUploadRequest$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
",
"GetObjectOutput$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
",
"HeadObjectOutput$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
",
- "PutObjectRequest$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding.
",
+ "PutObjectRequest$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
",
"WriteGetObjectResponseRequest$ContentEncoding": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
"
}
},
@@ -909,7 +909,7 @@
"refs": {
"GetObjectOutput$ContentLength": "Size of the body in bytes.
",
"HeadObjectOutput$ContentLength": "Size of the body in bytes.
",
- "PutObjectRequest$ContentLength": "Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length.
",
+ "PutObjectRequest$ContentLength": "Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13.
",
"UploadPartRequest$ContentLength": "Size of the body in bytes. This parameter is useful when the size of the body cannot be determined automatically.
",
"WriteGetObjectResponseRequest$ContentLength": "The size of the content body in bytes.
"
}
@@ -954,7 +954,7 @@
"CreateMultipartUploadRequest$ContentType": "A standard MIME type describing the format of the object data.
",
"GetObjectOutput$ContentType": "A standard MIME type describing the format of the object data.
",
"HeadObjectOutput$ContentType": "A standard MIME type describing the format of the object data.
",
- "PutObjectRequest$ContentType": "A standard MIME type describing the format of the contents. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type.
",
+ "PutObjectRequest$ContentType": "A standard MIME type describing the format of the contents. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17.
",
"WriteGetObjectResponseRequest$ContentType": "A standard MIME type describing the format of the object data.
"
}
},
@@ -1307,7 +1307,7 @@
"refs": {
"Grantee$DisplayName": "Screen name of the grantee.
",
"Initiator$DisplayName": "Name of the Principal.
",
- "Owner$DisplayName": "Container for the display name of the owner. This value is only supported in the following Amazon Web Services Regions:
"
+ "Owner$DisplayName": "Container for the display name of the owner.
"
}
},
"ETag": {
@@ -1437,13 +1437,13 @@
"ExistingObjectReplication": {
"base": "Optional configuration to replicate existing source bucket objects. For more information, see Replicating Existing Objects in the Amazon S3 User Guide.
",
"refs": {
- "ReplicationRule$ExistingObjectReplication": "Optional configuration to replicate existing source bucket objects. For more information, see Replicating Existing Objects in the Amazon S3 User Guide.
"
+ "ReplicationRule$ExistingObjectReplication": ""
}
},
"ExistingObjectReplicationStatus": {
"base": null,
"refs": {
- "ExistingObjectReplication$Status": "Specifies whether Amazon S3 replicates existing source bucket objects.
"
+ "ExistingObjectReplication$Status": ""
}
},
"Expiration": {
@@ -1477,7 +1477,7 @@
"CreateMultipartUploadRequest$Expires": "The date and time at which the object is no longer cacheable.
",
"GetObjectOutput$Expires": "The date and time at which the object is no longer cacheable.
",
"HeadObjectOutput$Expires": "The date and time at which the object is no longer cacheable.
",
- "PutObjectRequest$Expires": "The date and time at which the object is no longer cacheable. For more information, see https://www.rfc-editor.org/rfc/rfc7234#section-5.3.
",
+ "PutObjectRequest$Expires": "The date and time at which the object is no longer cacheable. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21.
",
"WriteGetObjectResponseRequest$Expires": "The date and time at which the object is no longer cacheable.
"
}
},
@@ -2241,7 +2241,7 @@
"KeyCount": {
"base": null,
"refs": {
- "ListObjectsV2Output$KeyCount": "KeyCount is the number of keys returned with this request. KeyCount will always be less than or equal to the MaxKeys field. Say you ask for 50 keys, your result will include 50 keys or fewer.
"
+ "ListObjectsV2Output$KeyCount": "KeyCount is the number of keys returned with this request. KeyCount will always be less than or equals to MaxKeys field. Say you ask for 50 keys, your result will include less than equals 50 keys
"
}
},
"KeyMarker": {
@@ -2293,20 +2293,20 @@
}
},
"LifecycleConfiguration": {
- "base": "Container for lifecycle rules. You can add as many as 1000 rules.
For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.
",
+ "base": "Container for lifecycle rules. You can add as many as 1000 rules.
",
"refs": {
"PutBucketLifecycleRequest$LifecycleConfiguration": ""
}
},
"LifecycleExpiration": {
- "base": "Container for the expiration for the lifecycle of the object.
For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.
",
+ "base": "Container for the expiration for the lifecycle of the object.
",
"refs": {
"LifecycleRule$Expiration": "Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
",
"Rule$Expiration": "Specifies the expiration for the lifecycle of the object.
"
}
},
"LifecycleRule": {
- "base": "A lifecycle rule for individual objects in an Amazon S3 bucket.
For more information see, Managing your storage lifecycle in the Amazon S3 User Guide.
",
+ "base": "A lifecycle rule for individual objects in an Amazon S3 bucket.
",
"refs": {
"LifecycleRules$member": null
}
@@ -2583,10 +2583,10 @@
"MetricsId": {
"base": null,
"refs": {
- "DeleteBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores.
",
- "GetBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores.
",
- "MetricsConfiguration$Id": "The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores.
",
- "PutBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration. The ID has a 64 character limit and can only contain letters, numbers, periods, dashes, and underscores.
"
+ "DeleteBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration.
",
+ "GetBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration.
",
+ "MetricsConfiguration$Id": "The ID used to identify the metrics configuration.
",
+ "PutBucketMetricsConfigurationRequest$Id": "The ID used to identify the metrics configuration.
"
}
},
"MetricsStatus": {
@@ -2816,7 +2816,7 @@
"Object$Key": "The name that you assign to an object. You use the object key to retrieve the object.
",
"ObjectIdentifier$Key": "Key name of the object.
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
",
"ObjectVersion$Key": "The object key.
",
- "PutObjectAclRequest$Key": "Key for which the PUT action was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts in the Amazon S3 User Guide.
",
+ "PutObjectAclRequest$Key": "Key for which the PUT action was initiated.
When using this action with an access point, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.
When using this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When using this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts bucket ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
",
"PutObjectLegalHoldRequest$Key": "The key name for the object that you want to place a legal hold on.
",
"PutObjectRequest$Key": "Object key for which the PUT action was initiated.
",
"PutObjectRetentionRequest$Key": "The key name for the object that you want to apply this Object Retention configuration to.
",
@@ -3432,8 +3432,8 @@
"Range": {
"base": null,
"refs": {
- "GetObjectRequest$Range": "Downloads the specified range bytes of an object. For more information about the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range.
Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
",
- "HeadObjectRequest$Range": "HeadObject returns only the metadata for an object. If the Range is satisfiable, only the ContentLength is affected in the response. If the Range is not satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.
"
+ "GetObjectRequest$Range": "Downloads the specified range bytes of an object. For more information about the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.
Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
",
+ "HeadObjectRequest$Range": "Because HeadObject returns only the metadata for an object, this parameter has no effect.
"
}
},
"RecordDelimiter": {
@@ -3478,7 +3478,7 @@
"ReplicaKmsKeyID": {
"base": null,
"refs": {
- "EncryptionConfiguration$ReplicaKmsKeyID": "Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web Services KMS key stored in Amazon Web Services Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
"
+ "EncryptionConfiguration$ReplicaKmsKeyID": "Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web Services KMS key stored in Amazon Web Services Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric, customer managed KMS keys. For more information, see Using symmetric and asymmetric keys in the Amazon Web Services Key Management Service Developer Guide.
"
}
},
"ReplicaModifications": {
@@ -3831,28 +3831,28 @@
"CopyObjectRequest$SSEKMSEncryptionContext": "Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
",
"CreateMultipartUploadOutput$SSEKMSEncryptionContext": "If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
",
"CreateMultipartUploadRequest$SSEKMSEncryptionContext": "Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
",
- "PutObjectOutput$SSEKMSEncryptionContext": "If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject or CopyObject operations on this object.
",
- "PutObjectRequest$SSEKMSEncryptionContext": "Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject or CopyObject operations on this object.
"
+ "PutObjectOutput$SSEKMSEncryptionContext": "If present, specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
",
+ "PutObjectRequest$SSEKMSEncryptionContext": "Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
"
}
},
"SSEKMSKeyId": {
"base": null,
"refs": {
- "CompleteMultipartUploadOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "CopyObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
+ "CompleteMultipartUploadOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "CopyObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
"CopyObjectRequest$SSEKMSKeyId": "Specifies the Amazon Web Services KMS key ID to use for object encryption. All GET and PUT requests for an object protected by Amazon Web Services KMS will fail if not made via SSL or using SigV4. For information about configuring using any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.
",
- "CreateMultipartUploadOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "CreateMultipartUploadRequest$SSEKMSKeyId": "Specifies the ID of the symmetric encryption customer managed key to use for object encryption. All GET and PUT requests for an object protected by Amazon Web Services KMS will fail if not made via SSL or using SigV4. For information about configuring using any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.
",
- "Encryption$KMSKeyId": "If the encryption type is aws:kms, this optional value specifies the ID of the symmetric encryption customer managed key to use for encryption of job results. Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
",
- "GetObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "HeadObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "PutObjectOutput$SSEKMSKeyId": "If x-amz-server-side-encryption is has a valid value of aws:kms, this header specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "PutObjectRequest$SSEKMSKeyId": "If x-amz-server-side-encryption has a valid value of aws:kms, this header specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object. If you specify x-amz-server-side-encryption:aws:kms, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key to protect the data. If the KMS key does not exist in the same account issuing the command, you must use the full ARN and not just the ID.
",
- "SSEKMS$KeyId": "Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting inventory reports.
",
- "ServerSideEncryptionByDefault$KMSMasterKeyID": "Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.
You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.
For example:
Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
",
- "UploadPartCopyOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for the object.
",
- "UploadPartOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key was used for the object.
",
- "WriteGetObjectResponseRequest$SSEKMSKeyId": " If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key that was used for stored in Amazon S3 object.
"
+ "CreateMultipartUploadOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "CreateMultipartUploadRequest$SSEKMSKeyId": "Specifies the ID of the symmetric customer managed key to use for object encryption. All GET and PUT requests for an object protected by Amazon Web Services KMS will fail if not made via SSL or using SigV4. For information about configuring using any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.
",
+ "Encryption$KMSKeyId": "If the encryption type is aws:kms, this optional value specifies the ID of the symmetric customer managed key to use for encryption of job results. Amazon S3 only supports symmetric keys. For more information, see Using symmetric and asymmetric keys in the Amazon Web Services Key Management Service Developer Guide.
",
+ "GetObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "HeadObjectOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "PutObjectOutput$SSEKMSKeyId": "If x-amz-server-side-encryption is present and has the value of aws:kms, this header specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "PutObjectRequest$SSEKMSKeyId": "If x-amz-server-side-encryption is present and has the value of aws:kms, this header specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetrical customer managed key that was used for the object. If you specify x-amz-server-side-encryption:aws:kms, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key to protect the data. If the KMS key does not exist in the same account issuing the command, you must use the full ARN and not just the ID.
",
+ "SSEKMS$KeyId": "Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key to use for encrypting inventory reports.
",
+ "ServerSideEncryptionByDefault$KMSMasterKeyID": "Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.
You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.
For example:
Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see Using symmetric and asymmetric keys in the Amazon Web Services Key Management Service Developer Guide.
",
+ "UploadPartCopyOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object.
",
+ "UploadPartOutput$SSEKMSKeyId": "If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key was used for the object.
",
+ "WriteGetObjectResponseRequest$SSEKMSKeyId": " If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for stored in Amazon S3 object.
"
}
},
"SSES3": {
@@ -3892,20 +3892,20 @@
"ServerSideEncryption": {
"base": null,
"refs": {
- "CompleteMultipartUploadOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "CopyObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "CopyObjectRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "CreateMultipartUploadOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "CreateMultipartUploadRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "Encryption$EncryptionType": "The server-side encryption algorithm used when storing job results in Amazon S3 (for example, AES256, aws:kms).
",
- "GetObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "HeadObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "PutObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "PutObjectRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "CompleteMultipartUploadOutput$ServerSideEncryption": "If you specified server-side encryption either with an Amazon S3-managed encryption key or an Amazon Web Services KMS key in your initiate multipart upload request, the response includes this header. It confirms the encryption algorithm that Amazon S3 used to encrypt the object.
",
+ "CopyObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "CopyObjectRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "CreateMultipartUploadOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "CreateMultipartUploadRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "Encryption$EncryptionType": "The server-side encryption algorithm used when storing job results in Amazon S3 (for example, AES256, aws:kms).
",
+ "GetObjectOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "HeadObjectOutput$ServerSideEncryption": "If the object is stored using server-side encryption either with an Amazon Web Services KMS key or an Amazon S3-managed encryption key, the response includes this header with the value of the server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "PutObjectOutput$ServerSideEncryption": "If you specified server-side encryption either with an Amazon Web Services KMS key or Amazon S3-managed encryption key in your PUT request, the response includes this header. It confirms the encryption algorithm that Amazon S3 used to encrypt the object.
",
+ "PutObjectRequest$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
"ServerSideEncryptionByDefault$SSEAlgorithm": "Server-side encryption algorithm to use for the default encryption.
",
- "UploadPartCopyOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "UploadPartOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
- "WriteGetObjectResponseRequest$ServerSideEncryption": " The server-side encryption algorithm used when storing requested object in Amazon S3 (for example, AES256, aws:kms).
"
+ "UploadPartCopyOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "UploadPartOutput$ServerSideEncryption": "The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).
",
+ "WriteGetObjectResponseRequest$ServerSideEncryption": " The server-side encryption algorithm used when storing requested object in Amazon S3 (for example, AES256, aws:kms).
"
}
},
"ServerSideEncryptionByDefault": {
@@ -4277,7 +4277,7 @@
"WebsiteRedirectLocation": {
"base": null,
"refs": {
- "CopyObjectRequest$WebsiteRedirectLocation": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. This value is unique to each object and is not copied when using the x-amz-metadata-directive header. Instead, you may opt to provide this header in combination with the directive.
",
+ "CopyObjectRequest$WebsiteRedirectLocation": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
",
"CreateMultipartUploadRequest$WebsiteRedirectLocation": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
",
"GetObjectOutput$WebsiteRedirectLocation": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
",
"HeadObjectOutput$WebsiteRedirectLocation": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
",
diff --git a/models/apis/s3/2006-03-01/examples-1.json b/models/apis/s3/2006-03-01/examples-1.json
index ad2f8f2bb1c..f08ab58000b 100644
--- a/models/apis/s3/2006-03-01/examples-1.json
+++ b/models/apis/s3/2006-03-01/examples-1.json
@@ -257,8 +257,10 @@
"DeleteObject": [
{
"input": {
- "Bucket": "ExampleBucket",
- "Key": "HappyFace.jpg"
+ "Bucket": "examplebucket",
+ "Key": "objectkey.jpg"
+ },
+ "output": {
},
"comments": {
"input": {
@@ -266,16 +268,14 @@
"output": {
}
},
- "description": "The following example deletes an object from a non-versioned bucket.",
- "id": "to-delete-an-object-from-a-non-versioned-bucket-1481588533089",
- "title": "To delete an object (from a non-versioned bucket)"
+ "description": "The following example deletes an object from an S3 bucket.",
+ "id": "to-delete-an-object-1472850136595",
+ "title": "To delete an object"
},
{
"input": {
- "Bucket": "examplebucket",
- "Key": "objectkey.jpg"
- },
- "output": {
+ "Bucket": "ExampleBucket",
+ "Key": "HappyFace.jpg"
},
"comments": {
"input": {
@@ -283,20 +283,19 @@
"output": {
}
},
- "description": "The following example deletes an object from an S3 bucket.",
- "id": "to-delete-an-object-1472850136595",
- "title": "To delete an object"
+ "description": "The following example deletes an object from a non-versioned bucket.",
+ "id": "to-delete-an-object-from-a-non-versioned-bucket-1481588533089",
+ "title": "To delete an object (from a non-versioned bucket)"
}
],
"DeleteObjectTagging": [
{
"input": {
"Bucket": "examplebucket",
- "Key": "HappyFace.jpg",
- "VersionId": "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"
+ "Key": "HappyFace.jpg"
},
"output": {
- "VersionId": "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"
+ "VersionId": "null"
},
"comments": {
"input": {
@@ -304,17 +303,18 @@
"output": {
}
},
- "description": "The following example removes tag set associated with the specified object version. The request specifies both the object key and object version.",
- "id": "to-remove-tag-set-from-an-object-version-1483145285913",
- "title": "To remove tag set from an object version"
+ "description": "The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the operation removes tag set from the latest object version.",
+ "id": "to-remove-tag-set-from-an-object-1483145342862",
+ "title": "To remove tag set from an object"
},
{
"input": {
"Bucket": "examplebucket",
- "Key": "HappyFace.jpg"
+ "Key": "HappyFace.jpg",
+ "VersionId": "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"
},
"output": {
- "VersionId": "null"
+ "VersionId": "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"
},
"comments": {
"input": {
@@ -322,9 +322,9 @@
"output": {
}
},
- "description": "The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the operation removes tag set from the latest object version.",
- "id": "to-remove-tag-set-from-an-object-1483145342862",
- "title": "To remove tag set from an object"
+ "description": "The following example removes tag set associated with the specified object version. The request specifies both the object key and object version.",
+ "id": "to-remove-tag-set-from-an-object-version-1483145285913",
+ "title": "To remove tag set from an object version"
}
],
"DeleteObjects": [
@@ -958,15 +958,15 @@
"output": {
"Buckets": [
{
- "CreationDate": "2012-02-15T21:03:02.000Z",
+ "CreationDate": "2012-02-15T21: 03: 02.000Z",
"Name": "examplebucket"
},
{
- "CreationDate": "2011-07-24T19:33:50.000Z",
+ "CreationDate": "2011-07-24T19: 33: 50.000Z",
"Name": "examplebucket2"
},
{
- "CreationDate": "2010-12-17T00:56:49.000Z",
+ "CreationDate": "2010-12-17T00: 56: 49.000Z",
"Name": "examplebucket3"
}
],
@@ -981,9 +981,9 @@
"output": {
}
},
- "description": "The following example returns all the buckets owned by the sender of this request.",
- "id": "to-list-buckets-1481910996058",
- "title": "To list all buckets"
+ "description": "The following example return versions of an object with specific key name prefix. The request limits the number of items returned to two. If there are are more than two object version, S3 returns NextToken in the response. You can specify this token value in your next request to fetch next set of object versions.",
+ "id": "to-list-object-versions-1481910996058",
+ "title": "To list object versions"
}
],
"ListMultipartUploads": [
@@ -1184,7 +1184,7 @@
"ListObjectsV2": [
{
"input": {
- "Bucket": "DOC-EXAMPLE-BUCKET",
+ "Bucket": "examplebucket",
"MaxKeys": "2"
},
"output": {
@@ -1207,7 +1207,7 @@
"IsTruncated": true,
"KeyCount": "2",
"MaxKeys": "2",
- "Name": "DOC-EXAMPLE-BUCKET",
+ "Name": "examplebucket",
"NextContinuationToken": "1w41l63U0xa8q7smH50vCxyTQqdxo69O3EmK28Bi5PcROI4wI/EyIJg==",
"Prefix": ""
},
@@ -1565,30 +1565,6 @@
}
],
"PutObject": [
- {
- "input": {
- "Body": "filetoupload",
- "Bucket": "examplebucket",
- "Key": "exampleobject",
- "Metadata": {
- "metadata1": "value1",
- "metadata2": "value2"
- }
- },
- "output": {
- "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
- "VersionId": "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0"
- },
- "comments": {
- "input": {
- },
- "output": {
- }
- },
- "description": "The following example creates an object. The request also specifies optional metadata. If the bucket is versioning enabled, S3 returns version ID in response.",
- "id": "to-upload-object-and-specify-user-defined-metadata-1483396974757",
- "title": "To upload object and specify user-defined metadata"
- },
{
"input": {
"Body": "c:\\HappyFace.jpg",
@@ -1612,14 +1588,13 @@
},
{
"input": {
- "ACL": "authenticated-read",
- "Body": "filetoupload",
+ "Body": "HappyFace.jpg",
"Bucket": "examplebucket",
- "Key": "exampleobject"
+ "Key": "HappyFace.jpg"
},
"output": {
"ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
- "VersionId": "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr"
+ "VersionId": "tpf3zF08nBplQK1XLOefGskR7mGDwcDk"
},
"comments": {
"input": {
@@ -1627,19 +1602,22 @@
"output": {
}
},
- "description": "The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.",
- "id": "to-upload-an-object-and-specify-canned-acl-1483397779571",
- "title": "To upload an object and specify canned ACL."
+ "description": "The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file syntax. S3 returns VersionId of the newly created object.",
+ "id": "to-upload-an-object-1481760101010",
+ "title": "To upload an object"
},
{
"input": {
"Body": "filetoupload",
"Bucket": "examplebucket",
- "Key": "objectkey"
+ "Key": "exampleobject",
+ "ServerSideEncryption": "AES256",
+ "Tagging": "key1=value1&key2=value2"
},
"output": {
"ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
- "VersionId": "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ"
+ "ServerSideEncryption": "AES256",
+ "VersionId": "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt"
},
"comments": {
"input": {
@@ -1647,19 +1625,23 @@
"output": {
}
},
- "description": "The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.",
- "id": "to-create-an-object-1483147613675",
- "title": "To create an object."
+ "description": "The following example uploads and object. The request specifies the optional server-side encryption option. The request also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.",
+ "id": "to-upload-an-object-and-specify-server-side-encryption-and-object-tags-1483398331831",
+ "title": "To upload an object and specify server-side encryption and object tags"
},
{
"input": {
- "Body": "HappyFace.jpg",
+ "Body": "filetoupload",
"Bucket": "examplebucket",
- "Key": "HappyFace.jpg"
+ "Key": "exampleobject",
+ "Metadata": {
+ "metadata1": "value1",
+ "metadata2": "value2"
+ }
},
"output": {
"ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
- "VersionId": "tpf3zF08nBplQK1XLOefGskR7mGDwcDk"
+ "VersionId": "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0"
},
"comments": {
"input": {
@@ -1667,9 +1649,9 @@
"output": {
}
},
- "description": "The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file syntax. S3 returns VersionId of the newly created object.",
- "id": "to-upload-an-object-1481760101010",
- "title": "To upload an object"
+ "description": "The following example creates an object. The request also specifies optional metadata. If the bucket is versioning enabled, S3 returns version ID in response.",
+ "id": "to-upload-object-and-specify-user-defined-metadata-1483396974757",
+ "title": "To upload object and specify user-defined metadata"
},
{
"input": {
@@ -1696,16 +1678,14 @@
},
{
"input": {
+ "ACL": "authenticated-read",
"Body": "filetoupload",
"Bucket": "examplebucket",
- "Key": "exampleobject",
- "ServerSideEncryption": "AES256",
- "Tagging": "key1=value1&key2=value2"
+ "Key": "exampleobject"
},
"output": {
"ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
- "ServerSideEncryption": "AES256",
- "VersionId": "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt"
+ "VersionId": "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr"
},
"comments": {
"input": {
@@ -1713,9 +1693,29 @@
"output": {
}
},
- "description": "The following example uploads an object. The request specifies the optional server-side encryption option. The request also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.",
- "id": "to-upload-an-object-and-specify-server-side-encryption-and-object-tags-1483398331831",
- "title": "To upload an object and specify server-side encryption and object tags"
+ "description": "The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.",
+ "id": "to-upload-an-object-and-specify-canned-acl-1483397779571",
+ "title": "To upload an object and specify canned ACL."
+ },
+ {
+ "input": {
+ "Body": "filetoupload",
+ "Bucket": "examplebucket",
+ "Key": "objectkey"
+ },
+ "output": {
+ "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"",
+ "VersionId": "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.",
+ "id": "to-create-an-object-1483147613675",
+ "title": "To create an object."
}
],
"PutObjectAcl": [
@@ -1826,14 +1826,15 @@
"input": {
"Bucket": "examplebucket",
"CopySource": "/bucketname/sourceobjectkey",
+ "CopySourceRange": "bytes=1-100000",
"Key": "examplelargeobject",
- "PartNumber": "1",
+ "PartNumber": "2",
"UploadId": "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"
},
"output": {
"CopyPartResult": {
- "ETag": "\"b0c6f0e7e054ab8fa2536a2677f8734d\"",
- "LastModified": "2016-12-29T21:24:43.000Z"
+ "ETag": "\"65d16d19e65a7508a51f043180edcc36\"",
+ "LastModified": "2016-12-29T21:44:28.000Z"
}
},
"comments": {
@@ -1842,23 +1843,22 @@
"output": {
}
},
- "description": "The following example uploads a part of a multipart upload by copying data from an existing object as data source.",
- "id": "to-upload-a-part-by-copying-data-from-an-existing-object-as-data-source-1483046746348",
- "title": "To upload a part by copying data from an existing object as data source"
+ "description": "The following example uploads a part of a multipart upload by copying a specified byte range from an existing object as data source.",
+ "id": "to-upload-a-part-by-copying-byte-range-from-an-existing-object-as-data-source-1483048068594",
+ "title": "To upload a part by copying byte range from an existing object as data source"
},
{
"input": {
"Bucket": "examplebucket",
"CopySource": "/bucketname/sourceobjectkey",
- "CopySourceRange": "bytes=1-100000",
"Key": "examplelargeobject",
- "PartNumber": "2",
+ "PartNumber": "1",
"UploadId": "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"
},
"output": {
"CopyPartResult": {
- "ETag": "\"65d16d19e65a7508a51f043180edcc36\"",
- "LastModified": "2016-12-29T21:44:28.000Z"
+ "ETag": "\"b0c6f0e7e054ab8fa2536a2677f8734d\"",
+ "LastModified": "2016-12-29T21:24:43.000Z"
}
},
"comments": {
@@ -1867,9 +1867,9 @@
"output": {
}
},
- "description": "The following example uploads a part of a multipart upload by copying a specified byte range from an existing object as data source.",
- "id": "to-upload-a-part-by-copying-byte-range-from-an-existing-object-as-data-source-1483048068594",
- "title": "To upload a part by copying byte range from an existing object as data source"
+ "description": "The following example uploads a part of a multipart upload by copying data from an existing object as data source.",
+ "id": "to-upload-a-part-by-copying-data-from-an-existing-object-as-data-source-1483046746348",
+ "title": "To upload a part by copying data from an existing object as data source"
}
]
}
diff --git a/models/apis/s3control/2018-08-20/endpoint-rule-set-1.json b/models/apis/s3control/2018-08-20/endpoint-rule-set-1.json
index fb9bc2cbe4a..ac2587dad9a 100644
--- a/models/apis/s3control/2018-08-20/endpoint-rule-set-1.json
+++ b/models/apis/s3control/2018-08-20/endpoint-rule-set-1.json
@@ -81,6 +81,120 @@
"conditions": [],
"type": "tree",
"rules": [
+ {
+ "conditions": [
+ {
+ "fn": "stringEquals",
+ "argv": [
+ {
+ "ref": "Region"
+ },
+ "snow"
+ ]
+ },
+ {
+ "fn": "isSet",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ]
+ },
+ {
+ "fn": "parseURL",
+ "argv": [
+ {
+ "ref": "Endpoint"
+ }
+ ],
+ "assign": "url"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "aws.partition",
+ "argv": [
+ {
+ "ref": "Region"
+ }
+ ],
+ "assign": "partitionResult"
+ }
+ ],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseDualStack"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "S3 Snow does not support Dual-stack",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "type": "tree",
+ "rules": [
+ {
+ "conditions": [
+ {
+ "fn": "booleanEquals",
+ "argv": [
+ {
+ "ref": "UseFIPS"
+ },
+ true
+ ]
+ }
+ ],
+ "error": "S3 Snow does not support FIPS",
+ "type": "error"
+ },
+ {
+ "conditions": [],
+ "endpoint": {
+ "url": "{url#scheme}://{url#authority}",
+ "properties": {
+ "authSchemes": [
+ {
+ "disableDoubleEncoding": true,
+ "name": "sigv4",
+ "signingName": "s3",
+ "signingRegion": "{Region}"
+ }
+ ]
+ },
+ "headers": {}
+ },
+ "type": "endpoint"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "conditions": [],
+ "error": "A valid partition could not be determined",
+ "type": "error"
+ }
+ ]
+ },
{
"conditions": [
{
diff --git a/models/apis/s3control/2018-08-20/endpoint-tests-1.json b/models/apis/s3control/2018-08-20/endpoint-tests-1.json
index 249d60a4b6d..afb8c275442 100644
--- a/models/apis/s3control/2018-08-20/endpoint-tests-1.json
+++ b/models/apis/s3control/2018-08-20/endpoint-tests-1.json
@@ -3458,6 +3458,133 @@
"UseDualStack": false,
"UseFIPS": false
}
+ },
+ {
+ "documentation": "S3 Snow Control with bucket",
+ "expect": {
+ "endpoint": {
+ "properties": {
+ "authSchemes": [
+ {
+ "name": "sigv4",
+ "signingName": "s3",
+ "signingRegion": "snow",
+ "disableDoubleEncoding": true
+ }
+ ]
+ },
+ "url": "https://10.0.1.12:433"
+ }
+ },
+ "params": {
+ "Region": "snow",
+ "Bucket": "bucketName",
+ "Endpoint": "https://10.0.1.12:433",
+ "UseFIPS": false,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "S3 Snow Control without bucket",
+ "expect": {
+ "endpoint": {
+ "properties": {
+ "authSchemes": [
+ {
+ "name": "sigv4",
+ "signingName": "s3",
+ "signingRegion": "snow",
+ "disableDoubleEncoding": true
+ }
+ ]
+ },
+ "url": "https://10.0.1.12:433"
+ }
+ },
+ "params": {
+ "Region": "snow",
+ "Endpoint": "https://10.0.1.12:433",
+ "UseFIPS": false,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "S3 Snow Control with bucket and without port",
+ "expect": {
+ "endpoint": {
+ "properties": {
+ "authSchemes": [
+ {
+ "name": "sigv4",
+ "signingName": "s3",
+ "signingRegion": "snow",
+ "disableDoubleEncoding": true
+ }
+ ]
+ },
+ "url": "https://10.0.1.12"
+ }
+ },
+ "params": {
+ "Region": "snow",
+ "Bucket": "bucketName",
+ "Endpoint": "https://10.0.1.12",
+ "UseFIPS": false,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "S3 Snow Control with bucket and with DNS",
+ "expect": {
+ "endpoint": {
+ "properties": {
+ "authSchemes": [
+ {
+ "name": "sigv4",
+ "signingName": "s3",
+ "signingRegion": "snow",
+ "disableDoubleEncoding": true
+ }
+ ]
+ },
+ "url": "http://s3snow.com"
+ }
+ },
+ "params": {
+ "Region": "snow",
+ "Bucket": "bucketName",
+ "Endpoint": "http://s3snow.com",
+ "UseFIPS": false,
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "S3 Snow Control with FIPS enabled",
+ "expect": {
+ "error": "S3 Snow does not support FIPS"
+ },
+ "params": {
+ "Region": "snow",
+ "Bucket": "bucketName",
+ "Endpoint": "https://10.0.1.12:433",
+ "UseFIPS": true,
+ "UseDualStack": false,
+ "Accelerate": false
+ }
+ },
+ {
+ "documentation": "S3 Snow Control with Dual-stack enabled",
+ "expect": {
+ "error": "S3 Snow does not support Dual-stack"
+ },
+ "params": {
+ "Region": "snow",
+ "Bucket": "bucketName",
+ "Endpoint": "https://10.0.1.12:433",
+ "UseFIPS": false,
+ "UseDualStack": true,
+ "Accelerate": false
+ }
}
],
"version": "1.0"
diff --git a/models/apis/secretsmanager/2017-10-17/docs-2.json b/models/apis/secretsmanager/2017-10-17/docs-2.json
index 448a4c6207b..5b9e7fe955f 100644
--- a/models/apis/secretsmanager/2017-10-17/docs-2.json
+++ b/models/apis/secretsmanager/2017-10-17/docs-2.json
@@ -23,7 +23,7 @@
"UntagResource": "Removes specific tags from a secret.
This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the secret metadata is unchanged.
If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:UntagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
",
"UpdateSecret": "Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use PutSecretValue.
To change the rotation configuration of a secret, use RotateSecret instead.
To change a secret so that it is managed by another service, you need to recreate the secret in that service. See Secrets Manager secrets managed by other Amazon Web Services services.
We recommend you avoid calling UpdateSecret at a sustained rate of more than once every 10 minutes. When you call UpdateSecret to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.
If you include SecretString or SecretBinary to create a new secret version, Secrets Manager automatically moves the staging label AWSCURRENT to the new version. Then it attaches the label AWSPREVIOUS to the version that AWSCURRENT was removed from.
If you call this operation with a ClientRequestToken that matches an existing version's VersionId, the operation results in an error. You can't modify an existing version, you can only create a new version. To remove a version, remove all staging labels from it. See UpdateSecretVersionStage.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:UpdateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. If you use a customer managed key, you must also have kms:GenerateDataKey and kms:Decrypt permissions on the key. For more information, see Secret encryption and decryption.
",
"UpdateSecretVersionStage": "Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to track a version as it progresses through the secret rotation process. Each staging label can be attached to only one version at a time. To add a staging label to a version when it is already attached to another version, Secrets Manager first removes it from the other version first and then attaches it to this one. For more information about versions and staging labels, see Concepts: Version.
The staging labels that you specify in the VersionStage parameter are added to the existing list of staging labels for the version.
You can move the AWSCURRENT staging label to this version by including it in this call.
Whenever you move AWSCURRENT, Secrets Manager automatically moves the label AWSPREVIOUS to the version that AWSCURRENT was removed from.
If this action results in the last label being removed from a version, then the version is considered to be 'deprecated' and can be deleted by Secrets Manager.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
",
- "ValidateResourcePolicy": "Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.
The API performs three checks when validating the policy:
-
Sends a call to Zelkova, an automated reasoning engine, to ensure your resource policy does not allow broad access to your secret, for example policies that use a wildcard for the principal.
-
Checks for correct syntax in a policy.
-
Verifies the policy does not lock out a caller.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:ValidateResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
"
+ "ValidateResourcePolicy": "Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.
The API performs three checks when validating the policy:
-
Sends a call to Zelkova, an automated reasoning engine, to ensure your resource policy does not allow broad access to your secret, for example policies that use a wildcard for the principal.
-
Checks for correct syntax in a policy.
-
Verifies the policy does not lock out a caller.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
"
},
"shapes": {
"AddReplicaRegionListType": {
@@ -42,13 +42,13 @@
"BooleanType": {
"base": null,
"refs": {
- "CreateSecretRequest$ForceOverwriteReplicaSecret": "Specifies whether to overwrite a secret with the same name in the destination Region.
",
- "DeleteSecretRequest$ForceDeleteWithoutRecovery": "Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.
Secrets Manager performs the actual deletion with an asynchronous background process, so there might be a short delay before the secret is permanently deleted. If you delete a secret and then immediately create a secret with the same name, use appropriate back off and retry logic.
Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.
",
- "ListSecretVersionIdsRequest$IncludeDeprecated": "Specifies whether to include versions of secrets that don't have any staging labels attached to them. Versions without staging labels are considered deprecated and are subject to deletion by Secrets Manager.
",
- "ListSecretsRequest$IncludePlannedDeletion": "Specifies whether to include secrets scheduled for deletion.
",
- "PutResourcePolicyRequest$BlockPublicPolicy": "Specifies whether to block resource-based policies that allow broad access to the secret, for example those that use a wildcard for the principal.
",
- "ReplicateSecretToRegionsRequest$ForceOverwriteReplicaSecret": "Specifies whether to overwrite a secret with the same name in the destination Region.
",
- "RotateSecretRequest$RotateImmediately": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.
If you don't specify this value, then by default, Secrets Manager rotates the secret immediately.
",
+ "CreateSecretRequest$ForceOverwriteReplicaSecret": "Specifies whether to overwrite a secret with the same name in the destination Region. By default, secrets aren't overwritten.
",
+ "DeleteSecretRequest$ForceDeleteWithoutRecovery": "Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then by default Secrets Manager uses a 30 day recovery window.
Secrets Manager performs the actual deletion with an asynchronous background process, so there might be a short delay before the secret is permanently deleted. If you delete a secret and then immediately create a secret with the same name, use appropriate back off and retry logic.
Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.
",
+ "ListSecretVersionIdsRequest$IncludeDeprecated": "Specifies whether to include versions of secrets that don't have any staging labels attached to them. Versions without staging labels are considered deprecated and are subject to deletion by Secrets Manager. By default, versions without staging labels aren't included.
",
+ "ListSecretsRequest$IncludePlannedDeletion": "Specifies whether to include secrets scheduled for deletion. By default, secrets scheduled for deletion aren't included.
",
+ "PutResourcePolicyRequest$BlockPublicPolicy": "Specifies whether to block resource-based policies that allow broad access to the secret, for example those that use a wildcard for the principal. By default, public policies aren't blocked.
",
+ "ReplicateSecretToRegionsRequest$ForceOverwriteReplicaSecret": "Specifies whether to overwrite a secret with the same name in the destination Region. By default, secrets aren't overwritten.
",
+ "RotateSecretRequest$RotateImmediately": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.
By default, Secrets Manager rotates the secret immediately.
",
"ValidateResourcePolicyResponse$PolicyValidationPassed": "True if your policy passes validation, otherwise false.
"
}
},
@@ -454,7 +454,7 @@
"RecoveryWindowInDaysType": {
"base": null,
"refs": {
- "DeleteSecretRequest$RecoveryWindowInDays": "The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.
"
+ "DeleteSecretRequest$RecoveryWindowInDays": "The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don't use either, then by default Secrets Manager uses a 30 day recovery window.
"
}
},
"RegionType": {
diff --git a/models/apis/secretsmanager/2017-10-17/endpoint-tests-1.json b/models/apis/secretsmanager/2017-10-17/endpoint-tests-1.json
index ad06e6e3c63..f81865a4bb5 100644
--- a/models/apis/secretsmanager/2017-10-17/endpoint-tests-1.json
+++ b/models/apis/secretsmanager/2017-10-17/endpoint-tests-1.json
@@ -533,6 +533,17 @@
"UseDualStack": false
}
},
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
+ }
+ },
{
"documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled",
"expect": {
@@ -546,6 +557,28 @@
"UseDualStack": false
}
},
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
+ }
+ },
{
"documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled",
"expect": {
@@ -559,6 +592,17 @@
"UseDualStack": false
}
},
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
+ }
+ },
{
"documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled",
"expect": {
@@ -622,6 +666,12 @@
"UseDualStack": true,
"Endpoint": "https://example.com"
}
+ },
+ {
+ "documentation": "Missing region",
+ "expect": {
+ "error": "Invalid Configuration: Missing Region"
+ }
}
],
"version": "1.0"
diff --git a/models/apis/secretsmanager/2017-10-17/examples-1.json b/models/apis/secretsmanager/2017-10-17/examples-1.json
index 2ce2d15a024..06eac37f837 100644
--- a/models/apis/secretsmanager/2017-10-17/examples-1.json
+++ b/models/apis/secretsmanager/2017-10-17/examples-1.json
@@ -335,6 +335,38 @@
"title": "To store a secret value in a new version of a secret"
}
],
+ "ReplicateSecretToRegions": [
+ {
+ "input": {
+ "AddReplicaRegions": [
+ {
+ "Region": "eu-west-3"
+ }
+ ],
+ "ForceOverwriteReplicaSecret": true,
+ "SecretId": "MyTestSecret"
+ },
+ "output": {
+ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-1a2b3c",
+ "ReplicationStatus": [
+ {
+ "KmsKeyId": "alias/aws/secretsmanager",
+ "Region": "eu-west-3",
+ "Status": "InProgress"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example replicates a secret to eu-west-3. The replica is encrypted with the AWS managed key aws/secretsmanager.",
+ "id": "example-1679591984774",
+ "title": "Example"
+ }
+ ],
"RestoreSecret": [
{
"input": {
diff --git a/models/apis/securityhub/2018-10-26/endpoint-tests-1.json b/models/apis/securityhub/2018-10-26/endpoint-tests-1.json
index ff107f7ff4f..61093208ca9 100644
--- a/models/apis/securityhub/2018-10-26/endpoint-tests-1.json
+++ b/models/apis/securityhub/2018-10-26/endpoint-tests-1.json
@@ -8,9 +8,9 @@
}
},
"params": {
+ "Region": "af-south-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "af-south-1"
+ "UseDualStack": false
}
},
{
@@ -21,9 +21,9 @@
}
},
"params": {
+ "Region": "ap-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-east-1"
+ "UseDualStack": false
}
},
{
@@ -34,9 +34,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-1"
+ "UseDualStack": false
}
},
{
@@ -47,9 +47,9 @@
}
},
"params": {
+ "Region": "ap-northeast-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-2"
+ "UseDualStack": false
}
},
{
@@ -60,9 +60,9 @@
}
},
"params": {
+ "Region": "ap-northeast-3",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-3"
+ "UseDualStack": false
}
},
{
@@ -73,9 +73,9 @@
}
},
"params": {
+ "Region": "ap-south-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-south-1"
+ "UseDualStack": false
}
},
{
@@ -86,9 +86,9 @@
}
},
"params": {
+ "Region": "ap-southeast-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-southeast-1"
+ "UseDualStack": false
}
},
{
@@ -99,9 +99,9 @@
}
},
"params": {
+ "Region": "ap-southeast-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-southeast-2"
+ "UseDualStack": false
}
},
{
@@ -112,9 +112,9 @@
}
},
"params": {
+ "Region": "ap-southeast-3",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-southeast-3"
+ "UseDualStack": false
}
},
{
@@ -125,9 +125,9 @@
}
},
"params": {
+ "Region": "ca-central-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ca-central-1"
+ "UseDualStack": false
}
},
{
@@ -138,9 +138,9 @@
}
},
"params": {
+ "Region": "eu-central-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-central-1"
+ "UseDualStack": false
}
},
{
@@ -151,9 +151,9 @@
}
},
"params": {
+ "Region": "eu-north-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-north-1"
+ "UseDualStack": false
}
},
{
@@ -164,9 +164,9 @@
}
},
"params": {
+ "Region": "eu-south-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-south-1"
+ "UseDualStack": false
}
},
{
@@ -177,9 +177,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-1"
+ "UseDualStack": false
}
},
{
@@ -190,9 +190,9 @@
}
},
"params": {
+ "Region": "eu-west-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-2"
+ "UseDualStack": false
}
},
{
@@ -203,9 +203,9 @@
}
},
"params": {
+ "Region": "eu-west-3",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-3"
+ "UseDualStack": false
}
},
{
@@ -216,9 +216,9 @@
}
},
"params": {
+ "Region": "me-south-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "me-south-1"
+ "UseDualStack": false
}
},
{
@@ -229,9 +229,9 @@
}
},
"params": {
+ "Region": "sa-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "sa-east-1"
+ "UseDualStack": false
}
},
{
@@ -242,9 +242,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -255,9 +255,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -268,9 +268,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -281,9 +281,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -294,9 +294,9 @@
}
},
"params": {
+ "Region": "us-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-west-1"
+ "UseDualStack": false
}
},
{
@@ -307,9 +307,9 @@
}
},
"params": {
+ "Region": "us-west-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-west-1"
+ "UseDualStack": false
}
},
{
@@ -320,9 +320,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -333,9 +333,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -346,9 +346,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -359,9 +359,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -372,9 +372,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "cn-north-1"
+ "UseDualStack": false
}
},
{
@@ -385,9 +385,9 @@
}
},
"params": {
+ "Region": "cn-northwest-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "cn-northwest-1"
+ "UseDualStack": false
}
},
{
@@ -398,9 +398,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "cn-north-1"
+ "UseDualStack": true
}
},
{
@@ -411,9 +411,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "cn-north-1"
+ "UseDualStack": false
}
},
{
@@ -424,9 +424,9 @@
}
},
"params": {
+ "Region": "cn-north-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "cn-north-1"
+ "UseDualStack": true
}
},
{
@@ -437,9 +437,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-gov-east-1"
+ "UseDualStack": false
}
},
{
@@ -450,9 +450,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-gov-east-1"
+ "UseDualStack": false
}
},
{
@@ -463,9 +463,9 @@
}
},
"params": {
+ "Region": "us-gov-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-gov-west-1"
+ "UseDualStack": false
}
},
{
@@ -476,9 +476,9 @@
}
},
"params": {
+ "Region": "us-gov-west-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-gov-west-1"
+ "UseDualStack": false
}
},
{
@@ -489,9 +489,9 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-gov-east-1"
+ "UseDualStack": true
}
},
{
@@ -502,9 +502,20 @@
}
},
"params": {
+ "Region": "us-gov-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-gov-east-1"
+ "UseDualStack": true
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
}
},
{
@@ -515,9 +526,20 @@
}
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-iso-east-1"
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-iso-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
}
},
{
@@ -528,9 +550,20 @@
}
},
"params": {
+ "Region": "us-iso-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-iso-east-1"
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+ "expect": {
+ "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": true,
+ "UseDualStack": true
}
},
{
@@ -541,9 +574,20 @@
}
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-isob-east-1"
+ "UseDualStack": false
+ }
+ },
+ {
+ "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+ "expect": {
+ "error": "DualStack is enabled but this partition does not support DualStack"
+ },
+ "params": {
+ "Region": "us-isob-east-1",
+ "UseFIPS": false,
+ "UseDualStack": true
}
},
{
@@ -554,9 +598,9 @@
}
},
"params": {
+ "Region": "us-isob-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-isob-east-1"
+ "UseDualStack": false
}
},
{
@@ -567,9 +611,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -592,9 +636,9 @@
"error": "Invalid Configuration: FIPS and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -604,11 +648,17 @@
"error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": true,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
+ },
+ {
+ "documentation": "Missing region",
+ "expect": {
+ "error": "Invalid Configuration: Missing Region"
+ }
}
],
"version": "1.0"
diff --git a/models/apis/securityhub/2018-10-26/examples-1.json b/models/apis/securityhub/2018-10-26/examples-1.json
index 0ea7e3b0bbe..e50fd0e4114 100644
--- a/models/apis/securityhub/2018-10-26/examples-1.json
+++ b/models/apis/securityhub/2018-10-26/examples-1.json
@@ -1,5 +1,1521 @@
{
"version": "1.0",
"examples": {
+ "AcceptAdministratorInvitation": [
+ {
+ "input": {
+ "AdministratorId": "123456789012",
+ "InvitationId": "7ab938c5d52d7904ad09f9e7c20cc4eb"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example demonstrates how an account can accept an invitation from the Security Hub administrator account to be a member account. This operation is applicable only to member accounts that are not added through AWS Organizations.",
+ "id": "to-accept-an-invitation-be-a-member-account-1674849870467",
+ "title": "To accept an invitation be a member account"
+ }
+ ],
+ "BatchDisableStandards": [
+ {
+ "input": {
+ "StandardsSubscriptionArns": [
+ "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ ]
+ },
+ "output": {
+ "StandardsSubscriptions": [
+ {
+ "StandardsArn": "arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1",
+ "StandardsInput": {
+ },
+ "StandardsStatus": "DELETING",
+ "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example disables a security standard in Security Hub.",
+ "id": "to-disable-one-or-more-security-standards-1674851507200",
+ "title": "To disable one or more security standards"
+ }
+ ],
+ "BatchEnableStandards": [
+ {
+ "input": {
+ "StandardsSubscriptionRequests": [
+ {
+ "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1"
+ }
+ ]
+ },
+ "output": {
+ "StandardsSubscriptions": [
+ {
+ "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
+ "StandardsInput": {
+ },
+ "StandardsStatus": "PENDING",
+ "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example imports findings from a third party provider to Security Hub.",
+ "id": "to-import-security-findings-from-a-third-party-provider-to-security-hub-1675090935260",
+ "title": "To import security findings from a third party provider to Security Hub"
+ }
+ ],
+ "BatchImportFindings": [
+ {
+ "input": {
+ "Findings": [
+ {
+ "AwsAccountId": "123456789012",
+ "CreatedAt": "2020-05-27T17:05:54.832Z",
+ "Description": "Vulnerability in a CloudTrail trail",
+ "FindingProviderFields": {
+ "Severity": {
+ "Label": "LOW",
+ "Original": "10"
+ },
+ "Types": [
+ "Software and Configuration Checks/Vulnerabilities/CVE"
+ ]
+ },
+ "GeneratorId": "TestGeneratorId",
+ "Id": "Id1",
+ "ProductArn": "arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default",
+ "Resources": [
+ {
+ "Id": "arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName",
+ "Partition": "aws",
+ "Region": "us-west-1",
+ "Type": "AwsCloudTrailTrail"
+ }
+ ],
+ "SchemaVersion": "2018-10-08",
+ "Title": "CloudTrail trail vulnerability",
+ "UpdatedAt": "2020-06-02T16:05:54.832Z"
+ }
+ ]
+ },
+ "output": {
+ "FailedCount": 123,
+ "FailedFindings": [
+
+ ],
+ "SuccessCount": 123
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example imports findings from a third party provider to Security Hub.",
+ "id": "to-import-security-findings-from-a-third-party-provider-to-security-hub-1675090935260",
+ "title": "To import security findings from a third party provider to Security Hub"
+ }
+ ],
+ "BatchUpdateFindings": [
+ {
+ "input": {
+ "Confidence": 80,
+ "Criticality": 80,
+ "FindingIdentifiers": [
+ {
+ "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub"
+ },
+ {
+ "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
+ "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub"
+ }
+ ],
+ "Note": {
+ "Text": "Known issue that is not a risk.",
+ "UpdatedBy": "user1"
+ },
+ "RelatedFindings": [
+ {
+ "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
+ "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub"
+ }
+ ],
+ "Severity": {
+ "Label": "LOW"
+ },
+ "Types": [
+ "Software and Configuration Checks/Vulnerabilities/CVE"
+ ],
+ "UserDefinedFields": {
+ "reviewedByCio": "true"
+ },
+ "VerificationState": "TRUE_POSITIVE",
+ "Workflow": {
+ "Status": "RESOLVED"
+ }
+ },
+ "output": {
+ "ProcessedFindings": [
+ {
+ "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub"
+ },
+ {
+ "Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
+ "ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub"
+ }
+ ],
+ "UnprocessedFindings": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates Security Hub findings. The finding identifier parameter specifies which findings to update. Only specific finding fields can be updated with this operation.",
+ "id": "to-update-security-hub-findings-1675183938248",
+ "title": "To update Security Hub findings"
+ }
+ ],
+ "CreateActionTarget": [
+ {
+ "input": {
+ "Description": "Action to send the finding for remediation tracking",
+ "Id": "Remediation",
+ "Name": "Send to remediation"
+ },
+ "output": {
+ "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example creates a custom action target in Security Hub. Custom actions on findings and insights automatically trigger actions in Amazon CloudWatch Events.",
+ "id": "to-create-a-custom-action-target-1675184966299",
+ "title": "To create a custom action target"
+ }
+ ],
+ "CreateFindingAggregator": [
+ {
+ "input": {
+ "RegionLinkingMode": "SPECIFIED_REGIONS",
+ "Regions": [
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "output": {
+ "FindingAggregationRegion": "us-east-1",
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "RegionLinkingMode": "SPECIFIED_REGIONS",
+ "Regions": [
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example creates a finding aggregator. This is required to enable cross-Region aggregation.",
+ "id": "to-enable-cross-region-aggregation-1674766716226",
+ "title": "To enable cross-Region aggregation"
+ }
+ ],
+ "CreateInsight": [
+ {
+ "input": {
+ "Filters": {
+ "ResourceType": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "AwsIamRole"
+ }
+ ],
+ "SeverityLabel": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "CRITICAL"
+ }
+ ]
+ },
+ "GroupByAttribute": "ResourceId",
+ "Name": "Critical role findings"
+ },
+ "output": {
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a security issue.",
+ "id": "to-create-a-custom-insight-1675354046628",
+ "title": "To create a custom insight"
+ }
+ ],
+ "CreateMembers": [
+ {
+ "input": {
+ "AccountDetails": [
+ {
+ "AccountId": "123456789012"
+ },
+ {
+ "AccountId": "111122223333"
+ }
+ ]
+ },
+ "output": {
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example creates a member association between the specified accounts and the administrator account (the account that makes the request). This operation is used to add accounts that aren't part of an organization.",
+ "id": "to-add-a-member-account-1675354709996",
+ "title": "To add a member account"
+ }
+ ],
+ "DeclineInvitations": [
+ {
+ "input": {
+ "AccountIds": [
+ "123456789012",
+ "111122223333"
+ ]
+ },
+ "output": {
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example declines an invitation from the Security Hub administrator account to become a member account. The invited account makes the request.",
+ "id": "to-decline-invitation-to-become-a-member-account-1675448487605",
+ "title": "To decline invitation to become a member account"
+ }
+ ],
+ "DeleteActionTarget": [
+ {
+ "input": {
+ "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"
+ },
+ "output": {
+ "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the custom action.",
+ "id": "to-delete-a-custom-action-target-1675449272793",
+ "title": "To delete a custom action target"
+ }
+ ],
+ "DeleteFindingAggregator": [
+ {
+ "input": {
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region aggregation. This operation produces no output.",
+ "id": "to-delete-a-finding-aggregator-1675701750629",
+ "title": "To delete a finding aggregator"
+ }
+ ],
+ "DeleteInsight": [
+ {
+ "input": {
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "output": {
+ "InsightArn": "arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deletes a custom insight in Security Hub.",
+ "id": "to-delete-a-custom-insight-1675702697204",
+ "title": "To delete a custom insight"
+ }
+ ],
+ "DeleteInvitations": [
+ {
+ "input": {
+ "AccountIds": [
+ "123456789012"
+ ]
+ },
+ "output": {
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deletes an invitation sent by the Security Hub administrator account to a prospective member account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization accounts don't receive invitations.",
+ "id": "to-delete-a-custom-insight-1675702697204",
+ "title": "To delete a custom insight"
+ }
+ ],
+ "DeleteMembers": [
+ {
+ "input": {
+ "AccountIds": [
+ "123456789111",
+ "123456789222"
+ ]
+ },
+ "output": {
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deletes the specified member account from Security Hub. This operation can be used to delete member accounts that are part of an organization or that were invited manually.",
+ "id": "to-delete-a-member-account-1675883040513",
+ "title": "To delete a member account"
+ }
+ ],
+ "DescribeActionTargets": [
+ {
+ "input": {
+ "ActionTargetArns": [
+ "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"
+ ]
+ },
+ "output": {
+ "ActionTargets": [
+ {
+ "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
+ "Description": "Action to send the finding for remediation tracking",
+ "Name": "Send to remediation"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of custom action targets. You use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.",
+ "id": "to-return-custom-action-targets-1675883682038",
+ "title": "To return custom action targets"
+ }
+ ],
+ "DescribeHub": [
+ {
+ "input": {
+ "HubArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default"
+ },
+ "output": {
+ "AutoEnableControls": true,
+ "ControlFindingGenerator": "SECURITY_CONTROL",
+ "HubArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default",
+ "SubscribedAt": "2019-11-19T23:15:10.046Z"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details about the Hub resource in the calling account. The Hub resource represents the implementation of the AWS Security Hub service in the calling account.",
+ "id": "to-return-details-about-hub-resource-1675884542597",
+ "title": "To return details about Hub resource"
+ }
+ ],
+ "DescribeOrganizationConfiguration": [
+ {
+ "input": {
+ },
+ "output": {
+ "AutoEnable": true,
+ "AutoEnableStandards": "DEFAULT",
+ "MemberAccountLimitReached": true
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details about the way in which AWS Organizations is configured for a Security Hub account that belongs to an organization. Only a Security Hub administrator account can call this operation.",
+ "id": "to-get-information-about-organizations-configuration-1676059786304",
+ "title": "To get information about Organizations configuration"
+ }
+ ],
+ "DescribeProducts": [
+ {
+ "input": {
+ "MaxResults": 1,
+ "NextToken": "NULL",
+ "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"
+ },
+ "output": {
+ "NextToken": "U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==",
+ "Products": [
+ {
+ "ActivationUrl": "https://falcon.crowdstrike.com/support/documentation",
+ "Categories": [
+ "Endpoint Detection and Response (EDR)",
+ "AV Scanning and Sandboxing",
+ "Threat Intelligence Feeds and Reports",
+ "Endpoint Forensics",
+ "Network Forensics"
+ ],
+ "CompanyName": "CrowdStrike",
+ "Description": "CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.",
+ "IntegrationTypes": [
+ "SEND_FINDINGS_TO_SECURITY_HUB"
+ ],
+ "MarketplaceUrl": "https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon",
+ "ProductName": "CrowdStrike Falcon",
+ "ProductSubscriptionResourcePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789333\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"123456789012\"},\"Action\":[\"securityhub:BatchImportFindings\"],\"Resource\":\"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon\",\"Condition\":{\"StringEquals\":{\"securityhub:TargetAccount\":\"123456789012\"}}}]}"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details about AWS services and third-party products that Security Hub integrates with.",
+ "id": "to-get-information-about-security-hub-integrations-1676061228533",
+ "title": "To get information about Security Hub integrations"
+ }
+ ],
+ "DescribeStandards": [
+ {
+ "input": {
+ },
+ "output": {
+ "Standards": [
+ {
+ "Description": "The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.",
+ "EnabledByDefault": true,
+ "Name": "AWS Foundational Security Best Practices v1.0.0",
+ "StandardsArn": "arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0"
+ },
+ {
+ "Description": "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.",
+ "EnabledByDefault": true,
+ "Name": "CIS AWS Foundations Benchmark v1.2.0",
+ "StandardsArn": "arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+ },
+ {
+ "Description": "The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.",
+ "EnabledByDefault": false,
+ "Name": "CIS AWS Foundations Benchmark v1.4.0",
+ "StandardsArn": "arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0"
+ },
+ {
+ "Description": "The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.",
+ "EnabledByDefault": false,
+ "Name": "PCI DSS v3.2.1",
+ "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of available security standards in Security Hub.",
+ "id": "to-get-available-security-hub-standards-1676307464661",
+ "title": "To get available Security Hub standards"
+ }
+ ],
+ "DescribeStandardsControls": [
+ {
+ "input": {
+ "MaxResults": 2,
+ "NextToken": "NULL",
+ "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ },
+ "output": {
+ "Controls": [
+ {
+ "ControlId": "PCI.AutoScaling.1",
+ "ControlStatus": "ENABLED",
+ "ControlStatusUpdatedAt": "2020-05-15T18:49:04.473000+00:00",
+ "Description": "This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.",
+ "RelatedRequirements": [
+ "PCI DSS 2.2"
+ ],
+ "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation",
+ "SeverityRating": "LOW",
+ "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1",
+ "Title": "Auto scaling groups associated with a load balancer should use health checks"
+ },
+ {
+ "ControlId": "PCI.CW.1",
+ "ControlStatus": "ENABLED",
+ "ControlStatusUpdatedAt": "2020-05-15T18:49:04.498000+00:00",
+ "Description": "This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.",
+ "RelatedRequirements": [
+ "PCI DSS 7.2.1"
+ ],
+ "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation",
+ "SeverityRating": "MEDIUM",
+ "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1",
+ "Title": "A log metric filter and alarm should exist for usage of the \"root\" user"
+ }
+ ],
+ "NextToken": "U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of security controls and control details that apply to a specified security standard. The list includes controls that are enabled and disabled in the standard.",
+ "id": "to-get-a-list-of-controls-for-a-security-standard-1676308027759",
+ "title": "To get a list of controls for a security standard"
+ }
+ ],
+ "DisableImportFindingsForProduct": [
+ {
+ "input": {
+ "ProductSubscriptionArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example ends an integration between Security Hub and the specified product that sends findings to Security Hub. After the integration ends, the product no longer sends findings to Security Hub.",
+ "id": "to-end-a-security-hub-integration-1676480035650",
+ "title": "To end a Security Hub integration"
+ }
+ ],
+ "DisableOrganizationAdminAccount": [
+ {
+ "input": {
+ "AdminAccountId": "123456789012"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example removes the Security Hub administrator account in the Region from which the operation was executed. This operation doesn't remove the delegated administrator account in AWS Organizations.",
+ "id": "to-remove-a-security-hub-administrator-account-1676480521876",
+ "title": "To remove a Security Hub administrator account"
+ }
+ ],
+ "DisableSecurityHub": [
+ {
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example deactivates Security Hub for the current account and Region.",
+ "id": "to-deactivate-security-hub-1676583894245",
+ "title": "To deactivate Security Hub"
+ }
+ ],
+ "DisassociateFromAdministratorAccount": [
+ {
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example dissociates the requesting account from its associated administrator account.",
+ "id": "to-disassociate-requesting-account-from-administrator-account-1676584168509",
+ "title": "To disassociate requesting account from administrator account"
+ }
+ ],
+ "DisassociateMembers": [
+ {
+ "input": {
+ "AccountIds": [
+ "123456789012",
+ "111122223333"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example dissociates the specified member accounts from the associated administrator account.",
+ "id": "to-disassociate-member-accounts-from-administrator-account-1676918349164",
+ "title": "To disassociate member accounts from administrator account"
+ }
+ ],
+ "EnableImportFindingsForProduct": [
+ {
+ "input": {
+ "ProductArn": "arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"
+ },
+ "output": {
+ "ProductSubscriptionArn": "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example activates an integration between Security Hub and a third party partner product that sends findings to Security Hub.",
+ "id": "to-activate-an-integration-1676918918114",
+ "title": "To activate an integration"
+ }
+ ],
+ "EnableOrganizationAdminAccount": [
+ {
+ "input": {
+ "AdminAccountId": "123456789012"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example designates the specified account as the Security Hub administrator account. The requesting account must be the organization management account.",
+ "id": "to-designate-a-security-hub-administrator-1676998319851",
+ "title": "To designate a Security Hub administrator"
+ }
+ ],
+ "EnableSecurityHub": [
+ {
+ "input": {
+ "EnableDefaultStandards": true,
+ "Tags": {
+ "Department": "Security"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example activates the Security Hub service in the requesting AWS account. The service is activated in the current AWS Region or the Region that you specify in the request. Some standards are automatically turned on in your account unless you opt out. To determine which standards are automatically turned on, see the Security Hub documentation.",
+ "id": "to-activate-security-hub-1676998538599",
+ "title": "To activate Security Hub"
+ }
+ ],
+ "GetAdministratorAccount": [
+ {
+ "output": {
+ "Administrator": {
+ "AccountId": "123456789012",
+ "InvitationId": "7ab938c5d52d7904ad09f9e7c20cc4eb",
+ "InvitedAt": "2020-06-01T20:21:18.042000+00:00",
+ "MemberStatus": "ASSOCIATED"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example provides details about the Security Hub administrator account for the requesting member account.",
+ "id": "to-get-details-about-the-security-hub-administrator-account-1676998997182",
+ "title": "To get details about the Security Hub administrator account"
+ }
+ ],
+ "GetEnabledStandards": [
+ {
+ "input": {
+ "StandardsSubscriptionArns": [
+ "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ ]
+ },
+ "output": {
+ "StandardsSubscriptions": [
+ {
+ "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
+ "StandardsInput": {
+ },
+ "StandardsStatus": "READY",
+ "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of Security Hub standards that are currently enabled in your account. ",
+ "id": "to-return-a-list-of-enabled-standards-1677090731129",
+ "title": "To return a list of enabled standards"
+ }
+ ],
+ "GetFindingAggregator": [
+ {
+ "input": {
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "output": {
+ "FindingAggregationRegion": "us-east-1",
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "RegionLinkingMode": "SPECIFIED_REGIONS",
+ "Regions": [
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns cross-Region aggregation details for the requesting account. ",
+ "id": "to-get-cross-region-aggregation-details-1677091474868",
+ "title": "To get cross-Region aggregation details"
+ }
+ ],
+ "GetFindings": [
+ {
+ "input": {
+ "Filters": {
+ "AwsAccountId": [
+ {
+ "Comparison": "PREFIX",
+ "Value": "123456789012"
+ }
+ ]
+ },
+ "MaxResults": 1
+ },
+ "output": {
+ "Findings": [
+ {
+ "AwsAccountId": "123456789012",
+ "CompanyName": "AWS",
+ "Compliance": {
+ "AssociatedStandards": [
+ {
+ "StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"
+ },
+ {
+ "StandardsId": "standards/pci-dss/v/3.2.1"
+ },
+ {
+ "StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+ },
+ {
+ "StandardsId": "standards/cis-aws-foundations-benchmark/v/1.4.0"
+ },
+ {
+ "StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"
+ }
+ ],
+ "RelatedRequirements": [
+ "PCI DSS v3.2.1/3.4",
+ "CIS AWS Foundations Benchmark v1.2.0/2.7",
+ "CIS AWS Foundations Benchmark v1.4.0/3.7"
+ ],
+ "SecurityControlId": "CloudTrail.2",
+ "Status": "FAILED"
+ },
+ "CreatedAt": "2022-10-06T02:18:23.076Z",
+ "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
+ "FindingProviderFields": {
+ "Severity": {
+ "Label": "MEDIUM",
+ "Original": "MEDIUM"
+ },
+ "Types": [
+ "Software and Configuration Checks/Industry and Regulatory Standards"
+ ]
+ },
+ "FirstObservedAt": "2022-10-06T02:18:23.076Z",
+ "GeneratorId": "security-control/CloudTrail.2",
+ "Id": "arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "LastObservedAt": "2022-10-28T16:10:06.956Z",
+ "ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub",
+ "ProductFields": {
+ "RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
+ "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
+ "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT",
+ "aws/securityhub/CompanyName": "AWS",
+ "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "aws/securityhub/ProductName": "Security Hub"
+ },
+ "ProductName": "Security Hub",
+ "RecordState": "ACTIVE",
+ "Region": "us-east-2",
+ "Remediation": {
+ "Recommendation": {
+ "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.",
+ "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
+ }
+ },
+ "Resources": [
+ {
+ "Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT",
+ "Partition": "aws",
+ "Region": "us-east-2",
+ "Type": "AwsCloudTrailTrail"
+ }
+ ],
+ "SchemaVersion": "2018-10-08",
+ "Severity": {
+ "Label": "MEDIUM",
+ "Normalized": 40,
+ "Original": "MEDIUM"
+ },
+ "Title": "CloudTrail should have encryption at-rest enabled",
+ "Types": [
+ "Software and Configuration Checks/Industry and Regulatory Standards"
+ ],
+ "UpdatedAt": "2022-10-28T16:10:00.093Z",
+ "Workflow": {
+ "Status": "NEW"
+ },
+ "WorkflowState": "NEW"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a filtered and sorted list of Security Hub findings.",
+ "id": "to-get-a-list-of-findings-1677181069931",
+ "title": "To get a list of findings"
+ }
+ ],
+ "GetInsightResults": [
+ {
+ "input": {
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ },
+ "output": {
+ "InsightResults": {
+ "GroupByAttribute": "ResourceId",
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "ResultValues": [
+ {
+ "Count": 10,
+ "GroupByAttributeValue": "AWS::::Account:111122223333"
+ },
+ {
+ "Count": 3,
+ "GroupByAttributeValue": "AWS::::Account:444455556666"
+ }
+ ]
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns the results of the Security Hub insight specified by the insight ARN.",
+ "id": "to-get-the-results-of-a-security-hub-insight-1677182822019",
+ "title": "To get the results of a Security Hub insight"
+ }
+ ],
+ "GetInsights": [
+ {
+ "input": {
+ "InsightArns": [
+ "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ ]
+ },
+ "output": {
+ "Insights": [
+ {
+ "Filters": {
+ "ResourceType": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "AwsIamRole"
+ }
+ ],
+ "SeverityLabel": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "CRITICAL"
+ }
+ ]
+ },
+ "GroupByAttribute": "ResourceId",
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "Name": "Critical role findings"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details of the Security Hub insight with the specified ARN.",
+ "id": "to-get-details-of-a-security-hub-insight-1677774127203",
+ "title": "To get details of a Security Hub insight"
+ }
+ ],
+ "GetInvitationsCount": [
+ {
+ "output": {
+ "InvitationsCount": 3
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a count of invitations that the Security Hub administrator sent to the current member account, not including the currently accepted invitation.\n\n",
+ "id": "to-get-a-count-of-membership-invitations-1677774568793",
+ "title": "To get a count of membership invitations"
+ }
+ ],
+ "GetMembers": [
+ {
+ "input": {
+ "AccountIds": [
+ "444455556666",
+ "777788889999"
+ ]
+ },
+ "output": {
+ "Members": [
+ {
+ "AccountId": "444455556666",
+ "AdministratorId": "123456789012",
+ "InvitedAt": "2020-06-01T20:15:15.289000+00:00",
+ "MasterId": "123456789012",
+ "MemberStatus": "ASSOCIATED",
+ "UpdatedAt": "2020-06-01T20:15:15.289000+00:00"
+ },
+ {
+ "AccountId": "777788889999",
+ "AdministratorId": "123456789012",
+ "InvitedAt": "2020-06-01T20:15:15.289000+00:00",
+ "MasterId": "123456789012",
+ "MemberStatus": "ASSOCIATED",
+ "UpdatedAt": "2020-06-01T20:15:15.289000+00:00"
+ }
+ ],
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details for the Security Hub member accounts with the specified AWS account IDs. An administrator account may be the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually. The Security Hub administrator must call this operation.",
+ "id": "to-get-member-account-details-1677774956489",
+ "title": "To get member account details"
+ }
+ ],
+ "InviteMembers": [
+ {
+ "input": {
+ "AccountIds": [
+ "111122223333",
+ "444455556666"
+ ]
+ },
+ "output": {
+ "UnprocessedAccounts": [
+
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example invites the specified AWS accounts to become member accounts associated with the calling Security Hub administrator account. You only use this operation to invite accounts that don't belong to an AWS Organizations organization.",
+ "id": "to-invite-accounts-to-become-members-1677775500860",
+ "title": "To invite accounts to become members"
+ }
+ ],
+ "ListEnabledProductsForImport": [
+ {
+ "output": {
+ "ProductSubscriptions": [
+ "arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon",
+ "arn:aws:securityhub:us-east-1::product/3coresec/3coresec"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of subscription Amazon Resource Names (ARNs) for the product integrations that you have currently enabled in Security Hub.",
+ "id": "to-list-arns-for-enabled-integrations-1678294870020",
+ "title": "To list ARNs for enabled integrations"
+ }
+ ],
+ "ListFindingAggregators": [
+ {
+ "input": {
+ },
+ "output": {
+ "FindingAggregators": [
+ {
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example disables the specified control in the specified security standard.",
+ "id": "to-update-the-enablement-status-of-a-standard-control-1678912506444",
+ "title": "To update the enablement status of a standard control"
+ }
+ ],
+ "ListInvitations": [
+ {
+ "output": {
+ "Invitations": [
+ {
+ "AccountId": "123456789012",
+ "InvitationId": "7ab938c5d52d7904ad09f9e7c20cc4eb",
+ "InvitedAt": "2020-06-01T20:21:18.042000+00:00",
+ "MemberStatus": "ASSOCIATED"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of Security Hub member invitations sent to the calling AWS account. Only accounts that are invited manually use this operation. It's not for use by accounts that are managed through AWS Organizations.",
+ "id": "to-list-membership-invitations-to-calling-account-1678295758285",
+ "title": "To list membership invitations to calling account"
+ }
+ ],
+ "ListMembers": [
+ {
+ "output": {
+ "Members": [
+ {
+ "AccountId": "111122223333",
+ "AdministratorId": "123456789012",
+ "InvitedAt": "2020-06-01T20:15:15.289000+00:00",
+ "MasterId": "123456789012",
+ "MemberStatus": "ASSOCIATED",
+ "UpdatedAt": "2020-06-01T20:15:15.289000+00:00"
+ },
+ {
+ "AccountId": "444455556666",
+ "AdministratorId": "123456789012",
+ "InvitedAt": "2020-06-01T20:15:15.289000+00:00",
+ "MasterId": "123456789012",
+ "MemberStatus": "ASSOCIATED",
+ "UpdatedAt": "2020-06-01T20:15:15.289000+00:00"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns details about member accounts for the calling Security Hub administrator account. The response includes member accounts that are managed through AWS Organizations and those that were invited manually.",
+ "id": "to-list-member-account-details-1678385639113",
+ "title": "To list member account details"
+ }
+ ],
+ "ListOrganizationAdminAccounts": [
+ {
+ "output": {
+ "AdminAccounts": [
+ {
+ "AccountId": "777788889999"
+ },
+ {
+ "Status": "ENABLED"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example lists the Security Hub administrator accounts for an organization. Only the organization management account can call this operation.",
+ "id": "to-list-administrator-acccounts-for-an-organization-1678386548110",
+ "title": "To list administrator acccounts for an organization"
+ }
+ ],
+ "ListSecurityControlDefinitions": [
+ {
+ "input": {
+ "MaxResults": 3,
+ "NextToken": "NULL",
+ "StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0"
+ },
+ "output": {
+ "NextToken": "U2FsdGVkX1...",
+ "SecurityControlDefinitions": [
+ {
+ "CurrentRegionAvailability": "AVAILABLE",
+ "Description": "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
+ "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
+ "SecurityControlId": "ACM.1",
+ "SeverityRating": "MEDIUM",
+ "Title": "Imported and ACM-issued certificates should be renewed after a specified time period"
+ },
+ {
+ "CurrentRegionAvailability": "AVAILABLE",
+ "Description": "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
+ "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
+ "SecurityControlId": "APIGateway.1",
+ "SeverityRating": "MEDIUM",
+ "Title": "API Gateway REST and WebSocket API execution logging should be enabled"
+ },
+ {
+ "CurrentRegionAvailability": "AVAILABLE",
+ "Description": "This control checks whether Amazon API Gateway REST API stages have SSL certificates configured that backend systems can use to authenticate that incoming requests are from the API Gateway.",
+ "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/APIGateway.2/remediation",
+ "SecurityControlId": "APIGateway.2",
+ "SeverityRating": "MEDIUM",
+ "Title": "API Gateway REST API stages should be configured to use SSL certificates for backend authentication"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example lists security controls that apply to a specified Security Hub standard. ",
+ "id": "to-list-security-controls-that-apply-to-a-standard-1678386912894",
+ "title": "To list security controls that apply to a standard"
+ }
+ ],
+ "ListStandardsControlAssociations": [
+ {
+ "input": {
+ "SecurityControlId": "S3.1"
+ },
+ "output": {
+ "StandardsControlAssociationSummaries": [
+ {
+ "AssociationStatus": "ENABLED",
+ "RelatedRequirements": [
+ "PCI DSS 1.2.1",
+ "PCI DSS 1.3.1",
+ "PCI DSS 1.3.2",
+ "PCI DSS 1.3.4",
+ "PCI DSS 1.3.6"
+ ],
+ "SecurityControlArn": "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1",
+ "SecurityControlId": "S3.1",
+ "StandardsArn": "arn:aws:securityhub:us-west-2::standards/pci-dss/v/3.2.1",
+ "StandardsControlDescription": "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.",
+ "StandardsControlTitle": "S3 Block Public Access setting should be enabled",
+ "UpdatedAt": "2022-01-13T23:03:46.648000+00:00"
+ },
+ {
+ "AssociationStatus": "DISABLED",
+ "RelatedRequirements": [
+
+ ],
+ "SecurityControlArn": "arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1",
+ "SecurityControlId": "S3.1",
+ "StandardsArn": "arn:aws:securityhub:us-west-2::standards/aws-foundational-security-best-practices/v/1.0.0",
+ "StandardsControlDescription": "This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.",
+ "StandardsControlTitle": "S3 Block Public Access setting should be enabled",
+ "UpdatedAt": "2022-08-12T22:59:04.924000+00:00",
+ "UpdatedReason": "Not relevant to environment"
+ }
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example specifies whether a control is currently enabled or disabled in each enabled standard in the calling account. The response also provides other details about the control.",
+ "id": "to-say-whether-standard-1678389297986",
+ "title": "To say whether standard"
+ }
+ ],
+ "ListTagsForResource": [
+ {
+ "input": {
+ "ResourceArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default"
+ },
+ "output": {
+ "Tags": {
+ "Area": "USMidwest",
+ "Department": "Operations"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example returns a list of tags associated with the specified resource.",
+ "id": "to-get-a-list-of-tags-for-a-resource-1678477883796",
+ "title": "To get a list of tags for a resource"
+ }
+ ],
+ "TagResource": [
+ {
+ "input": {
+ "ResourceArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default",
+ "Tags": {
+ "Area": "USMidwest",
+ "Department": "Operations"
+ }
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example adds the 'Department' and 'Area' tags to the specified resource.",
+ "id": "to-tag-a-resource-1678478687320",
+ "title": "To tag a resource"
+ }
+ ],
+ "UntagResource": [
+ {
+ "input": {
+ "ResourceArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default",
+ "TagKeys": [
+ "Department"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example removes the 'Department' tag from the specified resource.",
+ "id": "to-remove-tags-from-a-resource-1678478903748",
+ "title": "To remove tags from a resource"
+ }
+ ],
+ "UpdateActionTarget": [
+ {
+ "input": {
+ "ActionTargetArn": "arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation",
+ "Description": "Sends specified findings to customer service chat",
+ "Name": "Chat custom action"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates the name and description of a custom action target in Security Hub. You can create custom actions to automatically respond to Security Hub findings using Amazon EventBridge. ",
+ "id": "to-update-the-name-and-description-of-a-custom-action-target-1678814873015",
+ "title": "To update the name and description of a custom action target"
+ }
+ ],
+ "UpdateFindingAggregator": [
+ {
+ "input": {
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "RegionLinkingMode": "SPECIFIED_REGIONS",
+ "Regions": [
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "output": {
+ "FindingAggregationRegion": "us-east-1",
+ "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "RegionLinkingMode": "SPECIFIED_REGIONS",
+ "Regions": [
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates the cross-Region aggregation configuration. You use this operation to change the list of linked Regions and the treatment of new Regions. However, you cannot use this operation to change the aggregation Region.",
+ "id": "to-update-cross-region-aggregation-settings-1678815536396",
+ "title": "To update cross-Region aggregation settings"
+ }
+ ],
+ "UpdateInsight": [
+ {
+ "input": {
+ "Filters": {
+ "ResourceType": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "AwsIamRole"
+ }
+ ],
+ "SeverityLabel": [
+ {
+ "Comparison": "EQUALS",
+ "Value": "HIGH"
+ }
+ ]
+ },
+ "InsightArn": "arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "Name": "High severity role findings"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates the specified Security Hub insight.",
+ "id": "to-update-an-insight-1678816280498",
+ "title": "To update an insight"
+ }
+ ],
+ "UpdateOrganizationConfiguration": [
+ {
+ "input": {
+ "AutoEnable": true
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates the configuration for an organization so that Security Hub is automatically activated for new member accounts. Only the Security Hub administrator account can call this operation.",
+ "id": "to-update-organization-configuration-1678911630846",
+ "title": "To update organization configuration"
+ }
+ ],
+ "UpdateSecurityHubConfiguration": [
+ {
+ "input": {
+ "AutoEnableControls": true,
+ "ControlFindingGenerator": "SECURITY_CONTROL"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example updates Security Hub settings to turn on consolidated control findings, and to automatically enable new controls in enabled standards.",
+ "id": "to-update-security-hub-settings-1678912194496",
+ "title": "To update Security Hub settings"
+ }
+ ],
+ "UpdateStandardsControl": [
+ {
+ "input": {
+ "ControlStatus": "DISABLED",
+ "DisabledReason": "Not applicable to my service",
+ "StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1"
+ },
+ "comments": {
+ "input": {
+ },
+ "output": {
+ }
+ },
+ "description": "The following example disables the specified control in the specified security standard.",
+ "id": "to-update-the-enablement-status-of-a-standard-control-1678912506444",
+ "title": "To update the enablement status of a standard control"
+ }
+ ]
}
}
diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json
index 75b07320f07..be585fdf797 100644
--- a/models/endpoints/endpoints.json
+++ b/models/endpoints/endpoints.json
@@ -1839,8 +1839,10 @@
"ap-southeast-1" : { },
"ap-southeast-2" : { },
"ap-southeast-3" : { },
+ "ap-southeast-4" : { },
"ca-central-1" : { },
"eu-central-1" : { },
+ "eu-central-2" : { },
"eu-north-1" : { },
"eu-south-1" : { },
"eu-south-2" : { },
@@ -18960,9 +18962,29 @@
},
"endpoints" : {
"us-gov-east-1" : {
+ "hostname" : "application-autoscaling.us-gov-east-1.amazonaws.com",
+ "protocols" : [ "http", "https" ],
+ "variants" : [ {
+ "hostname" : "application-autoscaling.us-gov-east-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
+ "us-gov-east-1-fips" : {
+ "deprecated" : true,
+ "hostname" : "application-autoscaling.us-gov-east-1.amazonaws.com",
"protocols" : [ "http", "https" ]
},
"us-gov-west-1" : {
+ "hostname" : "application-autoscaling.us-gov-west-1.amazonaws.com",
+ "protocols" : [ "http", "https" ],
+ "variants" : [ {
+ "hostname" : "application-autoscaling.us-gov-west-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
+ "us-gov-west-1-fips" : {
+ "deprecated" : true,
+ "hostname" : "application-autoscaling.us-gov-west-1.amazonaws.com",
"protocols" : [ "http", "https" ]
}
}
diff --git a/service/comprehend/api.go b/service/comprehend/api.go
index 3b28a56f444..7d667affa13 100644
--- a/service/comprehend/api.go
+++ b/service/comprehend/api.go
@@ -939,10 +939,9 @@ func (c *Comprehend) CreateDocumentClassifierRequest(input *CreateDocumentClassi
// CreateDocumentClassifier API operation for Amazon Comprehend.
//
// Creates a new document classifier that you can use to categorize documents.
-// To create a classifier, you provide a set of training documents that labeled
-// with the categories that you want to use. After the classifier is trained
-// you can use it to categorize a set of labeled documents into the categories.
-// For more information, see Document Classification (https://docs.aws.amazon.com/comprehend/latest/dg/how-document-classification.html)
+// To create a classifier, you provide a set of training documents that are
+// labeled with the categories that you want to use. For more information, see
+// Training classifier models (https://docs.aws.amazon.com/comprehend/latest/dg/training-classifier-model.html)
// in the Comprehend Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -6801,6 +6800,10 @@ func (c *Comprehend) StartDocumentClassificationJobRequest(input *StartDocumentC
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -6896,6 +6899,10 @@ func (c *Comprehend) StartDominantLanguageDetectionJobRequest(input *StartDomina
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7004,6 +7011,10 @@ func (c *Comprehend) StartEntitiesDetectionJobRequest(input *StartEntitiesDetect
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7098,6 +7109,10 @@ func (c *Comprehend) StartEventsDetectionJobRequest(input *StartEventsDetectionJ
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7289,6 +7304,10 @@ func (c *Comprehend) StartKeyPhrasesDetectionJobRequest(input *StartKeyPhrasesDe
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7383,6 +7402,10 @@ func (c *Comprehend) StartPiiEntitiesDetectionJobRequest(input *StartPiiEntities
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7478,6 +7501,10 @@ func (c *Comprehend) StartSentimentDetectionJobRequest(input *StartSentimentDete
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7574,6 +7601,10 @@ func (c *Comprehend) StartTargetedSentimentDetectionJobRequest(input *StartTarge
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -7669,6 +7700,10 @@ func (c *Comprehend) StartTopicsDetectionJobRequest(input *StartTopicsDetectionJ
// tags per resource). The maximum number of tags includes both existing tags
// and those included in your current request.
//
+// - ResourceInUseException
+// The specified resource name is already in use. Use a different name and try
+// your request again.
+//
// - InternalServerException
// An internal server error occurred. Retry your request.
//
@@ -10708,6 +10743,14 @@ type ClassifyDocumentOutput struct {
// can be just an action movie, or it can be an action movie, a science fiction
// movie, and a comedy, all at the same time.
Labels []*DocumentLabel `type:"list"`
+
+ // Warnings detected while processing the input document. The response includes
+ // a warning if there is a mismatch between the input document type and the
+ // model type associated with the endpoint that you specified. The response
+ // can also include warnings for individual pages that have a mismatch.
+ //
+ // The field is empty if the system generated no warnings.
+ Warnings []*WarningsListItem `type:"list"`
}
// String returns the string representation.
@@ -10758,6 +10801,12 @@ func (s *ClassifyDocumentOutput) SetLabels(v []*DocumentLabel) *ClassifyDocument
return s
}
+// SetWarnings sets the Warnings field's value.
+func (s *ClassifyDocumentOutput) SetWarnings(v []*WarningsListItem) *ClassifyDocumentOutput {
+ s.Warnings = v
+ return s
+}
+
// Concurrent modification of the tags associated with an Amazon Comprehend
// resource is not supported.
type ConcurrentModificationException struct {
@@ -11145,8 +11194,9 @@ type CreateDocumentClassifierInput struct {
// '{"attribute": "value", "attribute": ["value"]}'
ModelPolicy *string `min:"1" type:"string"`
- // Enables the addition of output results configuration parameters for custom
- // classifier jobs.
+ // Specifies the location for the output files from a custom classifier job.
+ // This parameter is required for a request that creates a native classifier
+ // model.
OutputDataConfig *DocumentClassifierOutputDataConfig `type:"structure"`
// Tags to associate with the document classifier. A tag is a key-value pair
@@ -15600,6 +15650,65 @@ func (s *DocumentClassificationJobProperties) SetVpcConfig(v *VpcConfig) *Docume
return s
}
+// The location of the training documents. This parameter is required in a request
+// to create a native classifier model.
+type DocumentClassifierDocuments struct {
+ _ struct{} `type:"structure"`
+
+ // The S3 URI location of the training documents specified in the S3Uri CSV
+ // file.
+ //
+ // S3Uri is a required field
+ S3Uri *string `type:"string" required:"true"`
+
+ // The S3 URI location of the test documents included in the TestS3Uri CSV file.
+ // This field is not required if you do not specify a test CSV file.
+ TestS3Uri *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DocumentClassifierDocuments) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DocumentClassifierDocuments) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DocumentClassifierDocuments) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DocumentClassifierDocuments"}
+ if s.S3Uri == nil {
+ invalidParams.Add(request.NewErrParamRequired("S3Uri"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetS3Uri sets the S3Uri field's value.
+func (s *DocumentClassifierDocuments) SetS3Uri(v string) *DocumentClassifierDocuments {
+ s.S3Uri = &v
+ return s
+}
+
+// SetTestS3Uri sets the TestS3Uri field's value.
+func (s *DocumentClassifierDocuments) SetTestS3Uri(v string) *DocumentClassifierDocuments {
+ s.TestS3Uri = &v
+ return s
+}
+
// Provides information for filtering a list of document classifiers. You can
// only specify one filtering parameter in a request. For more information,
// see the ListDocumentClassifiers operation.
@@ -15696,6 +15805,36 @@ type DocumentClassifierInputDataConfig struct {
// default.
DataFormat *string `type:"string" enum:"DocumentClassifierDataFormat"`
+ // Provides configuration parameters to override the default actions for extracting
+ // text from PDF documents and image files.
+ //
+ // By default, Amazon Comprehend performs the following actions to extract text
+ // from files, based on the input file type:
+ //
+ // * Word files - Amazon Comprehend parser extracts the text.
+ //
+ // * Digital PDF files - Amazon Comprehend parser extracts the text.
+ //
+ // * Image files and scanned PDF files - Amazon Comprehend uses the Amazon
+ // Textract DetectDocumentText API to extract the text.
+ //
+ // DocumentReaderConfig does not apply to plain text files or Word files.
+ //
+ // For image files and PDF documents, you can override these default actions
+ // using the fields listed below. For more information, see Setting text extraction
+ // options (https://docs.aws.amazon.com/comprehend/latest/dg/idp-set-textract-options.html)
+ // in the Comprehend Developer Guide.
+ DocumentReaderConfig *DocumentReaderConfig `type:"structure"`
+
+ // The type of input documents for training the model. Provide plain-text documents
+ // to create a plain-text model, and provide semi-structured documents to create
+ // a native model.
+ DocumentType *string `type:"string" enum:"DocumentClassifierDocumentTypeFormat"`
+
+ // The S3 location of the training documents. This parameter is required in
+ // a request to create a native classifier model.
+ Documents *DocumentClassifierDocuments `type:"structure"`
+
// Indicates the delimiter used to separate each label for training a multi-label
// classifier. The default delimiter between labels is a pipe (|). You can use
// a different character as a delimiter (if it's an allowed character) by specifying
@@ -15755,6 +15894,16 @@ func (s *DocumentClassifierInputDataConfig) Validate() error {
}
}
}
+ if s.DocumentReaderConfig != nil {
+ if err := s.DocumentReaderConfig.Validate(); err != nil {
+ invalidParams.AddNested("DocumentReaderConfig", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.Documents != nil {
+ if err := s.Documents.Validate(); err != nil {
+ invalidParams.AddNested("Documents", err.(request.ErrInvalidParams))
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -15774,6 +15923,24 @@ func (s *DocumentClassifierInputDataConfig) SetDataFormat(v string) *DocumentCla
return s
}
+// SetDocumentReaderConfig sets the DocumentReaderConfig field's value.
+func (s *DocumentClassifierInputDataConfig) SetDocumentReaderConfig(v *DocumentReaderConfig) *DocumentClassifierInputDataConfig {
+ s.DocumentReaderConfig = v
+ return s
+}
+
+// SetDocumentType sets the DocumentType field's value.
+func (s *DocumentClassifierInputDataConfig) SetDocumentType(v string) *DocumentClassifierInputDataConfig {
+ s.DocumentType = &v
+ return s
+}
+
+// SetDocuments sets the Documents field's value.
+func (s *DocumentClassifierInputDataConfig) SetDocuments(v *DocumentClassifierDocuments) *DocumentClassifierInputDataConfig {
+ s.Documents = v
+ return s
+}
+
// SetLabelDelimiter sets the LabelDelimiter field's value.
func (s *DocumentClassifierInputDataConfig) SetLabelDelimiter(v string) *DocumentClassifierInputDataConfig {
s.LabelDelimiter = &v
@@ -15792,7 +15959,8 @@ func (s *DocumentClassifierInputDataConfig) SetTestS3Uri(v string) *DocumentClas
return s
}
-// Provides output results configuration parameters for custom classifier jobs.
+// Provide the location for output data from a custom classifier job. This field
+// is mandatory if you are training a native classifier model.
type DocumentClassifierOutputDataConfig struct {
_ struct{} `type:"structure"`
@@ -15814,9 +15982,9 @@ type DocumentClassifierOutputDataConfig struct {
// When you use the OutputDataConfig object while creating a custom classifier,
// you specify the Amazon S3 location where you want to write the confusion
- // matrix. The URI must be in the same Region as the API endpoint that you are
- // calling. The location is used as the prefix for the actual location of this
- // output file.
+ // matrix and other output files. The URI must be in the same Region as the
+ // API endpoint that you are calling. The location is used as the prefix for
+ // the actual location of this output file.
//
// When the custom classifier job is finished, the service creates the output
// file in a directory specific to the job. The S3Uri field contains the location
@@ -15921,8 +16089,12 @@ type DocumentClassifierProperties struct {
SourceModelArn *string `type:"string"`
// The status of the document classifier. If the status is TRAINED the classifier
- // is ready to use. If the status is FAILED you can see additional information
- // about why the classifier wasn't trained in the Message field.
+ // is ready to use. If the status is TRAINED_WITH_WARNINGS the classifier training
+ // succeeded, but you should review the warnings returned in the CreateDocumentClassifier
+ // response.
+ //
+ // If the status is FAILED you can see additional information about why the
+ // classifier wasn't trained in the Message field.
Status *string `type:"string" enum:"ModelStatus"`
// The time that the document classifier was submitted for training.
@@ -16266,7 +16438,8 @@ func (s *DocumentMetadata) SetPages(v int64) *DocumentMetadata {
//
// For image files and PDF documents, you can override these default actions
// using the fields listed below. For more information, see Setting text extraction
-// options (https://docs.aws.amazon.com/comprehend/latest/dg/detecting-cer.html#detecting-cer-pdf).
+// options (https://docs.aws.amazon.com/comprehend/latest/dg/idp-set-textract-options.html)
+// in the Comprehend Developer Guide.
type DocumentReaderConfig struct {
_ struct{} `type:"structure"`
@@ -28265,6 +28438,63 @@ func (s *VpcConfig) SetSubnets(v []*string) *VpcConfig {
return s
}
+// The system identified one of the following warnings while processing the
+// input document:
+//
+// - The document to classify is plain text, but the classifier is a native
+// model.
+//
+// - The document to classify is semi-structured, but the classifier is a
+// plain-text model.
+type WarningsListItem struct {
+ _ struct{} `type:"structure"`
+
+ // Page number in the input document.
+ Page *int64 `type:"integer"`
+
+ // The type of warning.
+ WarnCode *string `type:"string" enum:"PageBasedWarningCode"`
+
+ // Text message associated with the warning.
+ WarnMessage *string `min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WarningsListItem) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WarningsListItem) GoString() string {
+ return s.String()
+}
+
+// SetPage sets the Page field's value.
+func (s *WarningsListItem) SetPage(v int64) *WarningsListItem {
+ s.Page = &v
+ return s
+}
+
+// SetWarnCode sets the WarnCode field's value.
+func (s *WarningsListItem) SetWarnCode(v string) *WarningsListItem {
+ s.WarnCode = &v
+ return s
+}
+
+// SetWarnMessage sets the WarnMessage field's value.
+func (s *WarningsListItem) SetWarnMessage(v string) *WarningsListItem {
+ s.WarnMessage = &v
+ return s
+}
+
const (
// AugmentedManifestsDocumentTypeFormatPlainTextDocument is a AugmentedManifestsDocumentTypeFormat enum value
AugmentedManifestsDocumentTypeFormatPlainTextDocument = "PLAIN_TEXT_DOCUMENT"
@@ -28365,6 +28595,22 @@ func DocumentClassifierDataFormat_Values() []string {
}
}
+const (
+ // DocumentClassifierDocumentTypeFormatPlainTextDocument is a DocumentClassifierDocumentTypeFormat enum value
+ DocumentClassifierDocumentTypeFormatPlainTextDocument = "PLAIN_TEXT_DOCUMENT"
+
+ // DocumentClassifierDocumentTypeFormatSemiStructuredDocument is a DocumentClassifierDocumentTypeFormat enum value
+ DocumentClassifierDocumentTypeFormatSemiStructuredDocument = "SEMI_STRUCTURED_DOCUMENT"
+)
+
+// DocumentClassifierDocumentTypeFormat_Values returns all elements of the DocumentClassifierDocumentTypeFormat enum
+func DocumentClassifierDocumentTypeFormat_Values() []string {
+ return []string{
+ DocumentClassifierDocumentTypeFormatPlainTextDocument,
+ DocumentClassifierDocumentTypeFormatSemiStructuredDocument,
+ }
+}
+
const (
// DocumentClassifierModeMultiClass is a DocumentClassifierMode enum value
DocumentClassifierModeMultiClass = "MULTI_CLASS"
@@ -28845,6 +29091,22 @@ func PageBasedErrorCode_Values() []string {
}
}
+const (
+ // PageBasedWarningCodeInferencingPlaintextWithNativeTrainedModel is a PageBasedWarningCode enum value
+ PageBasedWarningCodeInferencingPlaintextWithNativeTrainedModel = "INFERENCING_PLAINTEXT_WITH_NATIVE_TRAINED_MODEL"
+
+ // PageBasedWarningCodeInferencingNativeDocumentWithPlaintextTrainedModel is a PageBasedWarningCode enum value
+ PageBasedWarningCodeInferencingNativeDocumentWithPlaintextTrainedModel = "INFERENCING_NATIVE_DOCUMENT_WITH_PLAINTEXT_TRAINED_MODEL"
+)
+
+// PageBasedWarningCode_Values returns all elements of the PageBasedWarningCode enum
+func PageBasedWarningCode_Values() []string {
+ return []string{
+ PageBasedWarningCodeInferencingPlaintextWithNativeTrainedModel,
+ PageBasedWarningCodeInferencingNativeDocumentWithPlaintextTrainedModel,
+ }
+}
+
const (
// PartOfSpeechTagTypeAdj is a PartOfSpeechTagType enum value
PartOfSpeechTagTypeAdj = "ADJ"
diff --git a/service/ecs/api.go b/service/ecs/api.go
index 4e126f5df69..df30f3cb092 100644
--- a/service/ecs/api.go
+++ b/service/ecs/api.go
@@ -3996,6 +3996,15 @@ func (c *ECS) PutAccountSettingRequest(input *PutAccountSettingInput) (req *requ
// (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html)
// in the Amazon Elastic Container Service Developer Guide.
//
+// Amazon ECS is introducing tagging authorization for resource creation. Users
+// must have permissions for actions that create the resource, such as ecsCreateCluster.
+// If tags are specified when you create a resource, Amazon Web Services performs
+// additional authorization to verify if users or roles have permissions to
+// create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource
+// action. For more information, see Grant permission to tag resources on creation
+// (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/supported-iam-actions-tagging.html)
+// in the Amazon ECS Developer Guide.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -13889,6 +13898,8 @@ func (s *EnvironmentFile) SetValue(v string) *EnvironmentFile {
// platforms:
//
// - Linux platform version 1.4.0 or later.
+//
+// - Windows platform version 1.0.0 or later.
type EphemeralStorage struct {
_ struct{} `type:"structure"`
@@ -18388,7 +18399,10 @@ type PutAccountSettingDefaultInput struct {
// your Amazon ECS container instances is affected. If awsvpcTrunking is specified,
// the ENI limit for your Amazon ECS container instances is affected. If containerInsights
// is specified, the default setting for Amazon Web Services CloudWatch Container
- // Insights for your clusters is affected.
+ // Insights for your clusters is affected. If tagResourceAuthorization is specified,
+ // the opt-in option for tagging resources on creation is affected. For information
+ // about the opt-in timeline, see Tagging authorization timeline (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources)
+ // in the Amazon ECS Developer Guide.
//
// When you specify fargateFIPSMode for the name and enabled for the value,
// Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For
@@ -18495,7 +18509,10 @@ type PutAccountSettingInput struct {
// for your Amazon ECS container instances is affected. If containerInsights
// is specified, the default setting for Amazon Web Services CloudWatch Container
// Insights for your clusters is affected. If fargateFIPSMode is specified,
- // Fargate FIPS 140 compliance is affected.
+ // Fargate FIPS 140 compliance is affected. If tagResourceAuthorization is specified,
+ // the opt-in option for tagging resources on creation is affected. For information
+ // about the opt-in timeline, see Tagging authorization timeline (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources)
+ // in the Amazon ECS Developer Guide.
//
// Name is a required field
Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"`
@@ -19109,6 +19126,8 @@ type RegisterTaskDefinitionInput struct {
// platforms:
//
// * Linux platform version 1.4.0 or later.
+ //
+ // * Windows platform version 1.0.0 or later.
EphemeralStorage *EphemeralStorage `locationName:"ephemeralStorage" type:"structure"`
// The Amazon Resource Name (ARN) of the task execution role that grants the
@@ -21680,8 +21699,8 @@ type StartTaskInput struct {
EnableECSManagedTags *bool `locationName:"enableECSManagedTags" type:"boolean"`
// Whether or not the execute command functionality is turned on for the task.
- // If true, this enables execute command functionality on all containers in
- // the task.
+ // If true, this turns on the execute command functionality on all containers
+ // in the task.
EnableExecuteCommand *bool `locationName:"enableExecuteCommand" type:"boolean"`
// The name of the task group to associate with the task. The default value
@@ -27025,6 +27044,9 @@ const (
// SettingNameFargateFipsmode is a SettingName enum value
SettingNameFargateFipsmode = "fargateFIPSMode"
+
+ // SettingNameTagResourceAuthorization is a SettingName enum value
+ SettingNameTagResourceAuthorization = "tagResourceAuthorization"
)
// SettingName_Values returns all elements of the SettingName enum
@@ -27036,6 +27058,7 @@ func SettingName_Values() []string {
SettingNameAwsvpcTrunking,
SettingNameContainerInsights,
SettingNameFargateFipsmode,
+ SettingNameTagResourceAuthorization,
}
}
diff --git a/service/ram/api.go b/service/ram/api.go
index 6d15b98c14f..3f4322ae5ec 100644
--- a/service/ram/api.go
+++ b/service/ram/api.go
@@ -71,36 +71,40 @@ func (c *RAM) AcceptResourceShareInvitationRequest(input *AcceptResourceShareInv
// Returned Error Types:
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the requested operation isn't permitted.
//
// - ResourceShareInvitationArnNotFoundException
-// The specified Amazon Resource Name (ARN) for an invitation was not found.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for an invitation was not found.
//
// - ResourceShareInvitationAlreadyAcceptedException
-// The specified invitation was already accepted.
+// The operation failed because the specified invitation was already accepted.
//
// - ResourceShareInvitationAlreadyRejectedException
-// The specified invitation was already rejected.
+// The operation failed because the specified invitation was already rejected.
//
// - ResourceShareInvitationExpiredException
-// The specified invitation is expired.
+// The operation failed because the specified invitation is past its expiration
+// date and time.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
// - InvalidClientTokenException
-// The client token is not valid.
+// The operation failed because the specified client token isn't valid.
//
// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/AcceptResourceShareInvitation
func (c *RAM) AcceptResourceShareInvitation(input *AcceptResourceShareInvitationInput) (*AcceptResourceShareInvitationOutput, error) {
@@ -182,46 +186,52 @@ func (c *RAM) AssociateResourceShareRequest(input *AssociateResourceShareInput)
// Returned Error Types:
//
// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
//
// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
//
// - ResourceShareLimitExceededException
-// This request would exceed the limit for resource shares for your account.
+// The operation failed because it would exceed the limit for resource shares
+// for your account. To view the limits for your Amazon Web Services account,
+// see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
//
// - InvalidClientTokenException
-// The client token is not valid.
+// The operation failed because the specified client token isn't valid.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the requested operation isn't permitted.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
//
// - ThrottlingException
-// You exceeded the rate at which you are allowed to perform this operation.
-// Please try again later.
+// The operation failed because it exceeded the rate at which you are allowed
+// to perform this operation. Please try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/AssociateResourceShare
func (c *RAM) AssociateResourceShare(input *AssociateResourceShareInput) (*AssociateResourceShareOutput, error) {
@@ -304,25 +314,27 @@ func (c *RAM) AssociateResourceSharePermissionRequest(input *AssociateResourceSh
// Returned Error Types:
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - InvalidClientTokenException
-// The client token is not valid.
+// The operation failed because the specified client token isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the requested operation isn't permitted.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/AssociateResourceSharePermission
func (c *RAM) AssociateResourceSharePermission(input *AssociateResourceSharePermissionInput) (*AssociateResourceSharePermissionOutput, error) {
@@ -346,1126 +358,1137 @@ func (c *RAM) AssociateResourceSharePermissionWithContext(ctx aws.Context, input
return out, req.Send()
}
-const opCreateResourceShare = "CreateResourceShare"
+const opCreatePermission = "CreatePermission"
-// CreateResourceShareRequest generates a "aws/request.Request" representing the
-// client's request for the CreateResourceShare operation. The "output" return
+// CreatePermissionRequest generates a "aws/request.Request" representing the
+// client's request for the CreatePermission operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See CreateResourceShare for more information on using the CreateResourceShare
+// See CreatePermission for more information on using the CreatePermission
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the CreateResourceShareRequest method.
-// req, resp := client.CreateResourceShareRequest(params)
+// // Example sending a request using the CreatePermissionRequest method.
+// req, resp := client.CreatePermissionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreateResourceShare
-func (c *RAM) CreateResourceShareRequest(input *CreateResourceShareInput) (req *request.Request, output *CreateResourceShareOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermission
+func (c *RAM) CreatePermissionRequest(input *CreatePermissionInput) (req *request.Request, output *CreatePermissionOutput) {
op := &request.Operation{
- Name: opCreateResourceShare,
+ Name: opCreatePermission,
HTTPMethod: "POST",
- HTTPPath: "/createresourceshare",
+ HTTPPath: "/createpermission",
}
if input == nil {
- input = &CreateResourceShareInput{}
+ input = &CreatePermissionInput{}
}
- output = &CreateResourceShareOutput{}
+ output = &CreatePermissionOutput{}
req = c.newRequest(op, input, output)
return
}
-// CreateResourceShare API operation for AWS Resource Access Manager.
-//
-// Creates a resource share. You can provide a list of the Amazon Resource Names
-// (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
-// for the resources that you want to share, a list of principals you want to
-// share the resources with, and the permissions to grant those principals.
+// CreatePermission API operation for AWS Resource Access Manager.
//
-// Sharing a resource makes it available for use by principals outside of the
-// Amazon Web Services account that created the resource. Sharing doesn't change
-// any permissions or quotas that apply to the resource in the account that
-// created it.
+// Creates a customer managed permission for a specified resource type that
+// you can attach to resource shares. It is created in the Amazon Web Services
+// Region in which you call the operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation CreateResourceShare for usage and error information.
+// API operation CreatePermission for usage and error information.
//
// Returned Error Types:
//
-// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
-//
-// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
-// - UnknownResourceException
-// A specified resource was not found.
+// - InvalidPolicyException
+// The operation failed because a policy you specified isn't valid.
//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
//
-// - InvalidClientTokenException
-// The client token is not valid.
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
-// - InvalidParameterException
-// A parameter is not valid.
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// - PermissionAlreadyExistsException
+// The operation failed because a permission with the specified name already
+// exists in the requested Amazon Web Services Region. Choose a different name.
//
-// - ResourceShareLimitExceededException
-// This request would exceed the limit for resource shares for your account.
+// - MalformedPolicyTemplateException
+// The operation failed because the policy template that you provided isn't
+// valid.
//
-// - TagPolicyViolationException
-// The specified tag key is a reserved word and can't be used.
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
//
-// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// - PermissionLimitExceededException
+// The operation failed because it would exceed the maximum number of permissions
+// you can create in each Amazon Web Services Region. To view the limits for
+// your Amazon Web Services account, see the RAM page in the Service Quotas
+// console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
//
-// - ServiceUnavailableException
-// The service is not available.
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreateResourceShare
-func (c *RAM) CreateResourceShare(input *CreateResourceShareInput) (*CreateResourceShareOutput, error) {
- req, out := c.CreateResourceShareRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermission
+func (c *RAM) CreatePermission(input *CreatePermissionInput) (*CreatePermissionOutput, error) {
+ req, out := c.CreatePermissionRequest(input)
return out, req.Send()
}
-// CreateResourceShareWithContext is the same as CreateResourceShare with the addition of
+// CreatePermissionWithContext is the same as CreatePermission with the addition of
// the ability to pass a context and additional request options.
//
-// See CreateResourceShare for details on how to use this API operation.
+// See CreatePermission for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) CreateResourceShareWithContext(ctx aws.Context, input *CreateResourceShareInput, opts ...request.Option) (*CreateResourceShareOutput, error) {
- req, out := c.CreateResourceShareRequest(input)
+func (c *RAM) CreatePermissionWithContext(ctx aws.Context, input *CreatePermissionInput, opts ...request.Option) (*CreatePermissionOutput, error) {
+ req, out := c.CreatePermissionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opDeleteResourceShare = "DeleteResourceShare"
+const opCreatePermissionVersion = "CreatePermissionVersion"
-// DeleteResourceShareRequest generates a "aws/request.Request" representing the
-// client's request for the DeleteResourceShare operation. The "output" return
+// CreatePermissionVersionRequest generates a "aws/request.Request" representing the
+// client's request for the CreatePermissionVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DeleteResourceShare for more information on using the DeleteResourceShare
+// See CreatePermissionVersion for more information on using the CreatePermissionVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the DeleteResourceShareRequest method.
-// req, resp := client.DeleteResourceShareRequest(params)
+// // Example sending a request using the CreatePermissionVersionRequest method.
+// req, resp := client.CreatePermissionVersionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeleteResourceShare
-func (c *RAM) DeleteResourceShareRequest(input *DeleteResourceShareInput) (req *request.Request, output *DeleteResourceShareOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermissionVersion
+func (c *RAM) CreatePermissionVersionRequest(input *CreatePermissionVersionInput) (req *request.Request, output *CreatePermissionVersionOutput) {
op := &request.Operation{
- Name: opDeleteResourceShare,
- HTTPMethod: "DELETE",
- HTTPPath: "/deleteresourceshare",
+ Name: opCreatePermissionVersion,
+ HTTPMethod: "POST",
+ HTTPPath: "/createpermissionversion",
}
if input == nil {
- input = &DeleteResourceShareInput{}
+ input = &CreatePermissionVersionInput{}
}
- output = &DeleteResourceShareOutput{}
+ output = &CreatePermissionVersionOutput{}
req = c.newRequest(op, input, output)
return
}
-// DeleteResourceShare API operation for AWS Resource Access Manager.
+// CreatePermissionVersion API operation for AWS Resource Access Manager.
+//
+// Creates a new version of the specified customer managed permission. The new
+// version is automatically set as the default version of the customer managed
+// permission. New resource shares automatically use the default permission.
+// Existing resource shares continue to use their original permission versions,
+// but you can use ReplacePermissionAssociations to update them.
//
-// Deletes the specified resource share. This doesn't delete any of the resources
-// that were associated with the resource share; it only stops the sharing of
-// those resources outside of the Amazon Web Services account that created them.
+// If the specified customer managed permission already has the maximum of 5
+// versions, then you must delete one of the existing versions before you can
+// create a new one.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation DeleteResourceShare for usage and error information.
+// API operation CreatePermissionVersion for usage and error information.
//
// Returned Error Types:
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
-// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// - InvalidPolicyException
+// The operation failed because a policy you specified isn't valid.
//
-// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
+//
+// - MalformedPolicyTemplateException
+// The operation failed because the policy template that you provided isn't
+// valid.
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidClientTokenException
-// The client token is not valid.
-//
-// - InvalidParameterException
-// A parameter is not valid.
-//
-// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
-//
-// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the specified client token isn't valid.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeleteResourceShare
-func (c *RAM) DeleteResourceShare(input *DeleteResourceShareInput) (*DeleteResourceShareOutput, error) {
- req, out := c.DeleteResourceShareRequest(input)
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// - PermissionVersionsLimitExceededException
+// The operation failed because it would exceed the limit for the number of
+// versions you can have for a permission. To view the limits for your Amazon
+// Web Services account, see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermissionVersion
+func (c *RAM) CreatePermissionVersion(input *CreatePermissionVersionInput) (*CreatePermissionVersionOutput, error) {
+ req, out := c.CreatePermissionVersionRequest(input)
return out, req.Send()
}
-// DeleteResourceShareWithContext is the same as DeleteResourceShare with the addition of
+// CreatePermissionVersionWithContext is the same as CreatePermissionVersion with the addition of
// the ability to pass a context and additional request options.
//
-// See DeleteResourceShare for details on how to use this API operation.
+// See CreatePermissionVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) DeleteResourceShareWithContext(ctx aws.Context, input *DeleteResourceShareInput, opts ...request.Option) (*DeleteResourceShareOutput, error) {
- req, out := c.DeleteResourceShareRequest(input)
+func (c *RAM) CreatePermissionVersionWithContext(ctx aws.Context, input *CreatePermissionVersionInput, opts ...request.Option) (*CreatePermissionVersionOutput, error) {
+ req, out := c.CreatePermissionVersionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opDisassociateResourceShare = "DisassociateResourceShare"
+const opCreateResourceShare = "CreateResourceShare"
-// DisassociateResourceShareRequest generates a "aws/request.Request" representing the
-// client's request for the DisassociateResourceShare operation. The "output" return
+// CreateResourceShareRequest generates a "aws/request.Request" representing the
+// client's request for the CreateResourceShare operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DisassociateResourceShare for more information on using the DisassociateResourceShare
+// See CreateResourceShare for more information on using the CreateResourceShare
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the DisassociateResourceShareRequest method.
-// req, resp := client.DisassociateResourceShareRequest(params)
+// // Example sending a request using the CreateResourceShareRequest method.
+// req, resp := client.CreateResourceShareRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceShare
-func (c *RAM) DisassociateResourceShareRequest(input *DisassociateResourceShareInput) (req *request.Request, output *DisassociateResourceShareOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreateResourceShare
+func (c *RAM) CreateResourceShareRequest(input *CreateResourceShareInput) (req *request.Request, output *CreateResourceShareOutput) {
op := &request.Operation{
- Name: opDisassociateResourceShare,
+ Name: opCreateResourceShare,
HTTPMethod: "POST",
- HTTPPath: "/disassociateresourceshare",
+ HTTPPath: "/createresourceshare",
}
if input == nil {
- input = &DisassociateResourceShareInput{}
+ input = &CreateResourceShareInput{}
}
- output = &DisassociateResourceShareOutput{}
+ output = &CreateResourceShareOutput{}
req = c.newRequest(op, input, output)
return
}
-// DisassociateResourceShare API operation for AWS Resource Access Manager.
+// CreateResourceShare API operation for AWS Resource Access Manager.
//
-// Disassociates the specified principals or resources from the specified resource
-// share.
+// Creates a resource share. You can provide a list of the Amazon Resource Names
+// (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for the resources that you want to share, a list of principals you want to
+// share the resources with, and the permissions to grant those principals.
+//
+// Sharing a resource makes it available for use by principals outside of the
+// Amazon Web Services account that created the resource. Sharing doesn't change
+// any permissions or quotas that apply to the resource in the account that
+// created it.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation DisassociateResourceShare for usage and error information.
+// API operation CreateResourceShare for usage and error information.
//
// Returned Error Types:
//
// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
//
-// - ResourceShareLimitExceededException
-// This request would exceed the limit for resource shares for your account.
+// - InvalidStateTransitionException
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
//
-// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidClientTokenException
-// The client token is not valid.
+// The operation failed because the specified client token isn't valid.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the requested operation isn't permitted.
+//
+// - ResourceShareLimitExceededException
+// The operation failed because it would exceed the limit for resource shares
+// for your account. To view the limits for your Amazon Web Services account,
+// see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+//
+// - TagPolicyViolationException
+// The operation failed because the specified tag key is a reserved word and
+// can't be used.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
-//
-// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceShare
-func (c *RAM) DisassociateResourceShare(input *DisassociateResourceShareInput) (*DisassociateResourceShareOutput, error) {
- req, out := c.DisassociateResourceShareRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreateResourceShare
+func (c *RAM) CreateResourceShare(input *CreateResourceShareInput) (*CreateResourceShareOutput, error) {
+ req, out := c.CreateResourceShareRequest(input)
return out, req.Send()
}
-// DisassociateResourceShareWithContext is the same as DisassociateResourceShare with the addition of
+// CreateResourceShareWithContext is the same as CreateResourceShare with the addition of
// the ability to pass a context and additional request options.
//
-// See DisassociateResourceShare for details on how to use this API operation.
+// See CreateResourceShare for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) DisassociateResourceShareWithContext(ctx aws.Context, input *DisassociateResourceShareInput, opts ...request.Option) (*DisassociateResourceShareOutput, error) {
- req, out := c.DisassociateResourceShareRequest(input)
+func (c *RAM) CreateResourceShareWithContext(ctx aws.Context, input *CreateResourceShareInput, opts ...request.Option) (*CreateResourceShareOutput, error) {
+ req, out := c.CreateResourceShareRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opDisassociateResourceSharePermission = "DisassociateResourceSharePermission"
+const opDeletePermission = "DeletePermission"
-// DisassociateResourceSharePermissionRequest generates a "aws/request.Request" representing the
-// client's request for the DisassociateResourceSharePermission operation. The "output" return
+// DeletePermissionRequest generates a "aws/request.Request" representing the
+// client's request for the DeletePermission operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See DisassociateResourceSharePermission for more information on using the DisassociateResourceSharePermission
+// See DeletePermission for more information on using the DeletePermission
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the DisassociateResourceSharePermissionRequest method.
-// req, resp := client.DisassociateResourceSharePermissionRequest(params)
+// // Example sending a request using the DeletePermissionRequest method.
+// req, resp := client.DeletePermissionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceSharePermission
-func (c *RAM) DisassociateResourceSharePermissionRequest(input *DisassociateResourceSharePermissionInput) (req *request.Request, output *DisassociateResourceSharePermissionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermission
+func (c *RAM) DeletePermissionRequest(input *DeletePermissionInput) (req *request.Request, output *DeletePermissionOutput) {
op := &request.Operation{
- Name: opDisassociateResourceSharePermission,
- HTTPMethod: "POST",
- HTTPPath: "/disassociateresourcesharepermission",
+ Name: opDeletePermission,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/deletepermission",
}
if input == nil {
- input = &DisassociateResourceSharePermissionInput{}
+ input = &DeletePermissionInput{}
}
- output = &DisassociateResourceSharePermissionOutput{}
+ output = &DeletePermissionOutput{}
req = c.newRequest(op, input, output)
return
}
-// DisassociateResourceSharePermission API operation for AWS Resource Access Manager.
+// DeletePermission API operation for AWS Resource Access Manager.
//
-// Disassociates an RAM permission from a resource share. Permission changes
-// take effect immediately. You can remove a RAM permission from a resource
-// share only if there are currently no resources of the relevant resource type
-// currently attached to the resource share.
+// Deletes the specified customer managed permission in the Amazon Web Services
+// Region in which you call this operation. You can delete a customer managed
+// permission only if it isn't attached to any resource share. The operation
+// deletes all versions associated with the customer managed permission.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation DisassociateResourceSharePermission for usage and error information.
+// API operation DeletePermission for usage and error information.
//
// Returned Error Types:
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
-//
-// - UnknownResourceException
-// A specified resource was not found.
-//
-// - InvalidParameterException
-// A parameter is not valid.
-//
-// - InvalidClientTokenException
-// The client token is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the requested operation isn't permitted.
//
-// - InvalidStateTransitionException
-// The requested state transition is not valid.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceSharePermission
-func (c *RAM) DisassociateResourceSharePermission(input *DisassociateResourceSharePermissionInput) (*DisassociateResourceSharePermissionOutput, error) {
- req, out := c.DisassociateResourceSharePermissionRequest(input)
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermission
+func (c *RAM) DeletePermission(input *DeletePermissionInput) (*DeletePermissionOutput, error) {
+ req, out := c.DeletePermissionRequest(input)
return out, req.Send()
}
-// DisassociateResourceSharePermissionWithContext is the same as DisassociateResourceSharePermission with the addition of
+// DeletePermissionWithContext is the same as DeletePermission with the addition of
// the ability to pass a context and additional request options.
//
-// See DisassociateResourceSharePermission for details on how to use this API operation.
+// See DeletePermission for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) DisassociateResourceSharePermissionWithContext(ctx aws.Context, input *DisassociateResourceSharePermissionInput, opts ...request.Option) (*DisassociateResourceSharePermissionOutput, error) {
- req, out := c.DisassociateResourceSharePermissionRequest(input)
+func (c *RAM) DeletePermissionWithContext(ctx aws.Context, input *DeletePermissionInput, opts ...request.Option) (*DeletePermissionOutput, error) {
+ req, out := c.DeletePermissionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opEnableSharingWithAwsOrganization = "EnableSharingWithAwsOrganization"
+const opDeletePermissionVersion = "DeletePermissionVersion"
-// EnableSharingWithAwsOrganizationRequest generates a "aws/request.Request" representing the
-// client's request for the EnableSharingWithAwsOrganization operation. The "output" return
+// DeletePermissionVersionRequest generates a "aws/request.Request" representing the
+// client's request for the DeletePermissionVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See EnableSharingWithAwsOrganization for more information on using the EnableSharingWithAwsOrganization
+// See DeletePermissionVersion for more information on using the DeletePermissionVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the EnableSharingWithAwsOrganizationRequest method.
-// req, resp := client.EnableSharingWithAwsOrganizationRequest(params)
+// // Example sending a request using the DeletePermissionVersionRequest method.
+// req, resp := client.DeletePermissionVersionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/EnableSharingWithAwsOrganization
-func (c *RAM) EnableSharingWithAwsOrganizationRequest(input *EnableSharingWithAwsOrganizationInput) (req *request.Request, output *EnableSharingWithAwsOrganizationOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermissionVersion
+func (c *RAM) DeletePermissionVersionRequest(input *DeletePermissionVersionInput) (req *request.Request, output *DeletePermissionVersionOutput) {
op := &request.Operation{
- Name: opEnableSharingWithAwsOrganization,
- HTTPMethod: "POST",
- HTTPPath: "/enablesharingwithawsorganization",
+ Name: opDeletePermissionVersion,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/deletepermissionversion",
}
if input == nil {
- input = &EnableSharingWithAwsOrganizationInput{}
+ input = &DeletePermissionVersionInput{}
}
- output = &EnableSharingWithAwsOrganizationOutput{}
+ output = &DeletePermissionVersionOutput{}
req = c.newRequest(op, input, output)
return
}
-// EnableSharingWithAwsOrganization API operation for AWS Resource Access Manager.
+// DeletePermissionVersion API operation for AWS Resource Access Manager.
//
-// Enables resource sharing within your organization in Organizations. Calling
-// this operation enables RAM to retrieve information about the organization
-// and its structure. This lets you share resources with all of the accounts
-// in an organization by specifying the organization's ID, or all of the accounts
-// in an organizational unit (OU) by specifying the OU's ID. Until you enable
-// sharing within the organization, you can specify only individual Amazon Web
-// Services accounts, or for supported resource types, IAM users and roles.
+// Deletes one version of a customer managed permission. The version you specify
+// must not be attached to any resource share and must not be the default version
+// for the permission.
//
-// You must call this operation from an IAM user or role in the organization's
-// management account.
+// If a customer managed permission has the maximum of 5 versions, then you
+// must delete at least one version before you can create another.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation EnableSharingWithAwsOrganization for usage and error information.
+// API operation DeletePermissionVersion for usage and error information.
//
// Returned Error Types:
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/EnableSharingWithAwsOrganization
-func (c *RAM) EnableSharingWithAwsOrganization(input *EnableSharingWithAwsOrganizationInput) (*EnableSharingWithAwsOrganizationOutput, error) {
- req, out := c.EnableSharingWithAwsOrganizationRequest(input)
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermissionVersion
+func (c *RAM) DeletePermissionVersion(input *DeletePermissionVersionInput) (*DeletePermissionVersionOutput, error) {
+ req, out := c.DeletePermissionVersionRequest(input)
return out, req.Send()
}
-// EnableSharingWithAwsOrganizationWithContext is the same as EnableSharingWithAwsOrganization with the addition of
+// DeletePermissionVersionWithContext is the same as DeletePermissionVersion with the addition of
// the ability to pass a context and additional request options.
//
-// See EnableSharingWithAwsOrganization for details on how to use this API operation.
+// See DeletePermissionVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) EnableSharingWithAwsOrganizationWithContext(ctx aws.Context, input *EnableSharingWithAwsOrganizationInput, opts ...request.Option) (*EnableSharingWithAwsOrganizationOutput, error) {
- req, out := c.EnableSharingWithAwsOrganizationRequest(input)
+func (c *RAM) DeletePermissionVersionWithContext(ctx aws.Context, input *DeletePermissionVersionInput, opts ...request.Option) (*DeletePermissionVersionOutput, error) {
+ req, out := c.DeletePermissionVersionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opGetPermission = "GetPermission"
+const opDeleteResourceShare = "DeleteResourceShare"
-// GetPermissionRequest generates a "aws/request.Request" representing the
-// client's request for the GetPermission operation. The "output" return
+// DeleteResourceShareRequest generates a "aws/request.Request" representing the
+// client's request for the DeleteResourceShare operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See GetPermission for more information on using the GetPermission
+// See DeleteResourceShare for more information on using the DeleteResourceShare
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the GetPermissionRequest method.
-// req, resp := client.GetPermissionRequest(params)
+// // Example sending a request using the DeleteResourceShareRequest method.
+// req, resp := client.DeleteResourceShareRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission
-func (c *RAM) GetPermissionRequest(input *GetPermissionInput) (req *request.Request, output *GetPermissionOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeleteResourceShare
+func (c *RAM) DeleteResourceShareRequest(input *DeleteResourceShareInput) (req *request.Request, output *DeleteResourceShareOutput) {
op := &request.Operation{
- Name: opGetPermission,
- HTTPMethod: "POST",
- HTTPPath: "/getpermission",
+ Name: opDeleteResourceShare,
+ HTTPMethod: "DELETE",
+ HTTPPath: "/deleteresourceshare",
}
if input == nil {
- input = &GetPermissionInput{}
+ input = &DeleteResourceShareInput{}
}
- output = &GetPermissionOutput{}
+ output = &DeleteResourceShareOutput{}
req = c.newRequest(op, input, output)
return
}
-// GetPermission API operation for AWS Resource Access Manager.
+// DeleteResourceShare API operation for AWS Resource Access Manager.
+//
+// Deletes the specified resource share.
//
-// Gets the contents of an RAM permission in JSON format.
+// This doesn't delete any of the resources that were associated with the resource
+// share; it only stops the sharing of those resources through this resource
+// share.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation GetPermission for usage and error information.
+// API operation DeleteResourceShare for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// A parameter is not valid.
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// - InvalidStateTransitionException
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
-//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission
-func (c *RAM) GetPermission(input *GetPermissionInput) (*GetPermissionOutput, error) {
- req, out := c.GetPermissionRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeleteResourceShare
+func (c *RAM) DeleteResourceShare(input *DeleteResourceShareInput) (*DeleteResourceShareOutput, error) {
+ req, out := c.DeleteResourceShareRequest(input)
return out, req.Send()
}
-// GetPermissionWithContext is the same as GetPermission with the addition of
+// DeleteResourceShareWithContext is the same as DeleteResourceShare with the addition of
// the ability to pass a context and additional request options.
//
-// See GetPermission for details on how to use this API operation.
+// See DeleteResourceShare for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetPermissionWithContext(ctx aws.Context, input *GetPermissionInput, opts ...request.Option) (*GetPermissionOutput, error) {
- req, out := c.GetPermissionRequest(input)
+func (c *RAM) DeleteResourceShareWithContext(ctx aws.Context, input *DeleteResourceShareInput, opts ...request.Option) (*DeleteResourceShareOutput, error) {
+ req, out := c.DeleteResourceShareRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opGetResourcePolicies = "GetResourcePolicies"
+const opDisassociateResourceShare = "DisassociateResourceShare"
-// GetResourcePoliciesRequest generates a "aws/request.Request" representing the
-// client's request for the GetResourcePolicies operation. The "output" return
+// DisassociateResourceShareRequest generates a "aws/request.Request" representing the
+// client's request for the DisassociateResourceShare operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See GetResourcePolicies for more information on using the GetResourcePolicies
+// See DisassociateResourceShare for more information on using the DisassociateResourceShare
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the GetResourcePoliciesRequest method.
-// req, resp := client.GetResourcePoliciesRequest(params)
+// // Example sending a request using the DisassociateResourceShareRequest method.
+// req, resp := client.DisassociateResourceShareRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourcePolicies
-func (c *RAM) GetResourcePoliciesRequest(input *GetResourcePoliciesInput) (req *request.Request, output *GetResourcePoliciesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceShare
+func (c *RAM) DisassociateResourceShareRequest(input *DisassociateResourceShareInput) (req *request.Request, output *DisassociateResourceShareOutput) {
op := &request.Operation{
- Name: opGetResourcePolicies,
+ Name: opDisassociateResourceShare,
HTTPMethod: "POST",
- HTTPPath: "/getresourcepolicies",
- Paginator: &request.Paginator{
- InputTokens: []string{"nextToken"},
- OutputTokens: []string{"nextToken"},
- LimitToken: "maxResults",
- TruncationToken: "",
- },
+ HTTPPath: "/disassociateresourceshare",
}
if input == nil {
- input = &GetResourcePoliciesInput{}
+ input = &DisassociateResourceShareInput{}
}
- output = &GetResourcePoliciesOutput{}
+ output = &DisassociateResourceShareOutput{}
req = c.newRequest(op, input, output)
return
}
-// GetResourcePolicies API operation for AWS Resource Access Manager.
+// DisassociateResourceShare API operation for AWS Resource Access Manager.
//
-// Retrieves the resource policies for the specified resources that you own
-// and have shared.
+// Removes the specified principals or resources from participating in the specified
+// resource share.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation GetResourcePolicies for usage and error information.
+// API operation DisassociateResourceShare for usage and error information.
//
// Returned Error Types:
//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// - ResourceShareLimitExceededException
+// The operation failed because it would exceed the limit for resource shares
+// for your account. To view the limits for your Amazon Web Services account,
+// see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
-// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// - InvalidStateTransitionException
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
-// - ResourceArnNotFoundException
-// The specified Amazon Resource Name (ARN) was not found.
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourcePolicies
-func (c *RAM) GetResourcePolicies(input *GetResourcePoliciesInput) (*GetResourcePoliciesOutput, error) {
- req, out := c.GetResourcePoliciesRequest(input)
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceShare
+func (c *RAM) DisassociateResourceShare(input *DisassociateResourceShareInput) (*DisassociateResourceShareOutput, error) {
+ req, out := c.DisassociateResourceShareRequest(input)
return out, req.Send()
}
-// GetResourcePoliciesWithContext is the same as GetResourcePolicies with the addition of
+// DisassociateResourceShareWithContext is the same as DisassociateResourceShare with the addition of
// the ability to pass a context and additional request options.
//
-// See GetResourcePolicies for details on how to use this API operation.
+// See DisassociateResourceShare for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourcePoliciesWithContext(ctx aws.Context, input *GetResourcePoliciesInput, opts ...request.Option) (*GetResourcePoliciesOutput, error) {
- req, out := c.GetResourcePoliciesRequest(input)
+func (c *RAM) DisassociateResourceShareWithContext(ctx aws.Context, input *DisassociateResourceShareInput, opts ...request.Option) (*DisassociateResourceShareOutput, error) {
+ req, out := c.DisassociateResourceShareRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// GetResourcePoliciesPages iterates over the pages of a GetResourcePolicies operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See GetResourcePolicies method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-// // Example iterating over at most 3 pages of a GetResourcePolicies operation.
-// pageNum := 0
-// err := client.GetResourcePoliciesPages(params,
-// func(page *ram.GetResourcePoliciesOutput, lastPage bool) bool {
-// pageNum++
-// fmt.Println(page)
-// return pageNum <= 3
-// })
-func (c *RAM) GetResourcePoliciesPages(input *GetResourcePoliciesInput, fn func(*GetResourcePoliciesOutput, bool) bool) error {
- return c.GetResourcePoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// GetResourcePoliciesPagesWithContext same as GetResourcePoliciesPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *RAM) GetResourcePoliciesPagesWithContext(ctx aws.Context, input *GetResourcePoliciesInput, fn func(*GetResourcePoliciesOutput, bool) bool, opts ...request.Option) error {
- p := request.Pagination{
- NewRequest: func() (*request.Request, error) {
- var inCpy *GetResourcePoliciesInput
- if input != nil {
- tmp := *input
- inCpy = &tmp
- }
- req, _ := c.GetResourcePoliciesRequest(inCpy)
- req.SetContext(ctx)
- req.ApplyOptions(opts...)
- return req, nil
- },
- }
-
- for p.Next() {
- if !fn(p.Page().(*GetResourcePoliciesOutput), !p.HasNextPage()) {
- break
- }
- }
-
- return p.Err()
-}
-
-const opGetResourceShareAssociations = "GetResourceShareAssociations"
+const opDisassociateResourceSharePermission = "DisassociateResourceSharePermission"
-// GetResourceShareAssociationsRequest generates a "aws/request.Request" representing the
-// client's request for the GetResourceShareAssociations operation. The "output" return
+// DisassociateResourceSharePermissionRequest generates a "aws/request.Request" representing the
+// client's request for the DisassociateResourceSharePermission operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See GetResourceShareAssociations for more information on using the GetResourceShareAssociations
+// See DisassociateResourceSharePermission for more information on using the DisassociateResourceSharePermission
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the GetResourceShareAssociationsRequest method.
-// req, resp := client.GetResourceShareAssociationsRequest(params)
+// // Example sending a request using the DisassociateResourceSharePermissionRequest method.
+// req, resp := client.DisassociateResourceSharePermissionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareAssociations
-func (c *RAM) GetResourceShareAssociationsRequest(input *GetResourceShareAssociationsInput) (req *request.Request, output *GetResourceShareAssociationsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceSharePermission
+func (c *RAM) DisassociateResourceSharePermissionRequest(input *DisassociateResourceSharePermissionInput) (req *request.Request, output *DisassociateResourceSharePermissionOutput) {
op := &request.Operation{
- Name: opGetResourceShareAssociations,
+ Name: opDisassociateResourceSharePermission,
HTTPMethod: "POST",
- HTTPPath: "/getresourceshareassociations",
- Paginator: &request.Paginator{
- InputTokens: []string{"nextToken"},
- OutputTokens: []string{"nextToken"},
- LimitToken: "maxResults",
- TruncationToken: "",
- },
+ HTTPPath: "/disassociateresourcesharepermission",
}
if input == nil {
- input = &GetResourceShareAssociationsInput{}
+ input = &DisassociateResourceSharePermissionInput{}
}
- output = &GetResourceShareAssociationsOutput{}
+ output = &DisassociateResourceSharePermissionOutput{}
req = c.newRequest(op, input, output)
return
}
-// GetResourceShareAssociations API operation for AWS Resource Access Manager.
+// DisassociateResourceSharePermission API operation for AWS Resource Access Manager.
//
-// Retrieves the resource and principal associations for resource shares that
-// you own.
+// Removes a managed permission from a resource share. Permission changes take
+// effect immediately. You can remove a managed permission from a resource share
+// only if there are currently no resources of the relevant resource type currently
+// attached to the resource share.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation GetResourceShareAssociations for usage and error information.
+// API operation DisassociateResourceSharePermission for usage and error information.
//
// Returned Error Types:
//
-// - UnknownResourceException
-// A specified resource was not found.
-//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
-// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareAssociations
-func (c *RAM) GetResourceShareAssociations(input *GetResourceShareAssociationsInput) (*GetResourceShareAssociationsOutput, error) {
- req, out := c.GetResourceShareAssociationsRequest(input)
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - InvalidStateTransitionException
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DisassociateResourceSharePermission
+func (c *RAM) DisassociateResourceSharePermission(input *DisassociateResourceSharePermissionInput) (*DisassociateResourceSharePermissionOutput, error) {
+ req, out := c.DisassociateResourceSharePermissionRequest(input)
return out, req.Send()
}
-// GetResourceShareAssociationsWithContext is the same as GetResourceShareAssociations with the addition of
+// DisassociateResourceSharePermissionWithContext is the same as DisassociateResourceSharePermission with the addition of
// the ability to pass a context and additional request options.
//
-// See GetResourceShareAssociations for details on how to use this API operation.
+// See DisassociateResourceSharePermission for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourceShareAssociationsWithContext(ctx aws.Context, input *GetResourceShareAssociationsInput, opts ...request.Option) (*GetResourceShareAssociationsOutput, error) {
- req, out := c.GetResourceShareAssociationsRequest(input)
+func (c *RAM) DisassociateResourceSharePermissionWithContext(ctx aws.Context, input *DisassociateResourceSharePermissionInput, opts ...request.Option) (*DisassociateResourceSharePermissionOutput, error) {
+ req, out := c.DisassociateResourceSharePermissionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// GetResourceShareAssociationsPages iterates over the pages of a GetResourceShareAssociations operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
-//
-// See GetResourceShareAssociations method for more information on how to use this operation.
-//
-// Note: This operation can generate multiple requests to a service.
-//
-// // Example iterating over at most 3 pages of a GetResourceShareAssociations operation.
-// pageNum := 0
-// err := client.GetResourceShareAssociationsPages(params,
-// func(page *ram.GetResourceShareAssociationsOutput, lastPage bool) bool {
-// pageNum++
-// fmt.Println(page)
-// return pageNum <= 3
-// })
-func (c *RAM) GetResourceShareAssociationsPages(input *GetResourceShareAssociationsInput, fn func(*GetResourceShareAssociationsOutput, bool) bool) error {
- return c.GetResourceShareAssociationsPagesWithContext(aws.BackgroundContext(), input, fn)
-}
-
-// GetResourceShareAssociationsPagesWithContext same as GetResourceShareAssociationsPages except
-// it takes a Context and allows setting request options on the pages.
-//
-// The context must be non-nil and will be used for request cancellation. If
-// the context is nil a panic will occur. In the future the SDK may create
-// sub-contexts for http.Requests. See https://golang.org/pkg/context/
-// for more information on using Contexts.
-func (c *RAM) GetResourceShareAssociationsPagesWithContext(ctx aws.Context, input *GetResourceShareAssociationsInput, fn func(*GetResourceShareAssociationsOutput, bool) bool, opts ...request.Option) error {
- p := request.Pagination{
- NewRequest: func() (*request.Request, error) {
- var inCpy *GetResourceShareAssociationsInput
- if input != nil {
- tmp := *input
- inCpy = &tmp
- }
- req, _ := c.GetResourceShareAssociationsRequest(inCpy)
- req.SetContext(ctx)
- req.ApplyOptions(opts...)
- return req, nil
- },
- }
-
- for p.Next() {
- if !fn(p.Page().(*GetResourceShareAssociationsOutput), !p.HasNextPage()) {
- break
- }
- }
-
- return p.Err()
-}
-
-const opGetResourceShareInvitations = "GetResourceShareInvitations"
+const opEnableSharingWithAwsOrganization = "EnableSharingWithAwsOrganization"
-// GetResourceShareInvitationsRequest generates a "aws/request.Request" representing the
-// client's request for the GetResourceShareInvitations operation. The "output" return
+// EnableSharingWithAwsOrganizationRequest generates a "aws/request.Request" representing the
+// client's request for the EnableSharingWithAwsOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See GetResourceShareInvitations for more information on using the GetResourceShareInvitations
+// See EnableSharingWithAwsOrganization for more information on using the EnableSharingWithAwsOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the GetResourceShareInvitationsRequest method.
-// req, resp := client.GetResourceShareInvitationsRequest(params)
+// // Example sending a request using the EnableSharingWithAwsOrganizationRequest method.
+// req, resp := client.EnableSharingWithAwsOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareInvitations
-func (c *RAM) GetResourceShareInvitationsRequest(input *GetResourceShareInvitationsInput) (req *request.Request, output *GetResourceShareInvitationsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/EnableSharingWithAwsOrganization
+func (c *RAM) EnableSharingWithAwsOrganizationRequest(input *EnableSharingWithAwsOrganizationInput) (req *request.Request, output *EnableSharingWithAwsOrganizationOutput) {
op := &request.Operation{
- Name: opGetResourceShareInvitations,
+ Name: opEnableSharingWithAwsOrganization,
HTTPMethod: "POST",
- HTTPPath: "/getresourceshareinvitations",
- Paginator: &request.Paginator{
- InputTokens: []string{"nextToken"},
- OutputTokens: []string{"nextToken"},
- LimitToken: "maxResults",
- TruncationToken: "",
- },
+ HTTPPath: "/enablesharingwithawsorganization",
}
if input == nil {
- input = &GetResourceShareInvitationsInput{}
+ input = &EnableSharingWithAwsOrganizationInput{}
}
- output = &GetResourceShareInvitationsOutput{}
+ output = &EnableSharingWithAwsOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
-// GetResourceShareInvitations API operation for AWS Resource Access Manager.
+// EnableSharingWithAwsOrganization API operation for AWS Resource Access Manager.
//
-// Retrieves details about invitations that you have received for resource shares.
+// Enables resource sharing within your organization in Organizations. This
+// operation creates a service-linked role called AWSServiceRoleForResourceAccessManager
+// that has the IAM managed policy named AWSResourceAccessManagerServiceRolePolicy
+// attached. This role permits RAM to retrieve information about the organization
+// and its structure. This lets you share resources with all of the accounts
+// in the calling account's organization by specifying the organization ID,
+// or all of the accounts in an organizational unit (OU) by specifying the OU
+// ID. Until you enable sharing within the organization, you can specify only
+// individual Amazon Web Services accounts, or for supported resource types,
+// IAM roles and users.
+//
+// You must call this operation from an IAM role or user in the organization's
+// management account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation GetResourceShareInvitations for usage and error information.
+// API operation EnableSharingWithAwsOrganization for usage and error information.
//
// Returned Error Types:
//
-// - ResourceShareInvitationArnNotFoundException
-// The specified Amazon Resource Name (ARN) for an invitation was not found.
-//
-// - InvalidMaxResultsException
-// The specified value for MaxResults is not valid.
-//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
-//
-// - UnknownResourceException
-// A specified resource was not found.
-//
-// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
-//
-// - InvalidParameterException
-// A parameter is not valid.
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareInvitations
-func (c *RAM) GetResourceShareInvitations(input *GetResourceShareInvitationsInput) (*GetResourceShareInvitationsOutput, error) {
- req, out := c.GetResourceShareInvitationsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/EnableSharingWithAwsOrganization
+func (c *RAM) EnableSharingWithAwsOrganization(input *EnableSharingWithAwsOrganizationInput) (*EnableSharingWithAwsOrganizationOutput, error) {
+ req, out := c.EnableSharingWithAwsOrganizationRequest(input)
return out, req.Send()
}
-// GetResourceShareInvitationsWithContext is the same as GetResourceShareInvitations with the addition of
+// EnableSharingWithAwsOrganizationWithContext is the same as EnableSharingWithAwsOrganization with the addition of
// the ability to pass a context and additional request options.
//
-// See GetResourceShareInvitations for details on how to use this API operation.
+// See EnableSharingWithAwsOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourceShareInvitationsWithContext(ctx aws.Context, input *GetResourceShareInvitationsInput, opts ...request.Option) (*GetResourceShareInvitationsOutput, error) {
- req, out := c.GetResourceShareInvitationsRequest(input)
+func (c *RAM) EnableSharingWithAwsOrganizationWithContext(ctx aws.Context, input *EnableSharingWithAwsOrganizationInput, opts ...request.Option) (*EnableSharingWithAwsOrganizationOutput, error) {
+ req, out := c.EnableSharingWithAwsOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// GetResourceShareInvitationsPages iterates over the pages of a GetResourceShareInvitations operation,
-// calling the "fn" function with the response data for each page. To stop
-// iterating, return false from the fn function.
+const opGetPermission = "GetPermission"
+
+// GetPermissionRequest generates a "aws/request.Request" representing the
+// client's request for the GetPermission operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
//
-// See GetResourceShareInvitations method for more information on how to use this operation.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
//
-// Note: This operation can generate multiple requests to a service.
+// See GetPermission for more information on using the GetPermission
+// API call, and error handling.
//
-// // Example iterating over at most 3 pages of a GetResourceShareInvitations operation.
-// pageNum := 0
-// err := client.GetResourceShareInvitationsPages(params,
-// func(page *ram.GetResourceShareInvitationsOutput, lastPage bool) bool {
-// pageNum++
-// fmt.Println(page)
-// return pageNum <= 3
-// })
-func (c *RAM) GetResourceShareInvitationsPages(input *GetResourceShareInvitationsInput, fn func(*GetResourceShareInvitationsOutput, bool) bool) error {
- return c.GetResourceShareInvitationsPagesWithContext(aws.BackgroundContext(), input, fn)
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetPermissionRequest method.
+// req, resp := client.GetPermissionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission
+func (c *RAM) GetPermissionRequest(input *GetPermissionInput) (req *request.Request, output *GetPermissionOutput) {
+ op := &request.Operation{
+ Name: opGetPermission,
+ HTTPMethod: "POST",
+ HTTPPath: "/getpermission",
+ }
+
+ if input == nil {
+ input = &GetPermissionInput{}
+ }
+
+ output = &GetPermissionOutput{}
+ req = c.newRequest(op, input, output)
+ return
}
-// GetResourceShareInvitationsPagesWithContext same as GetResourceShareInvitationsPages except
-// it takes a Context and allows setting request options on the pages.
+// GetPermission API operation for AWS Resource Access Manager.
+//
+// Retrieves the contents of a managed permission in JSON format.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation GetPermission for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission
+func (c *RAM) GetPermission(input *GetPermissionInput) (*GetPermissionOutput, error) {
+ req, out := c.GetPermissionRequest(input)
+ return out, req.Send()
+}
+
+// GetPermissionWithContext is the same as GetPermission with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetPermission for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourceShareInvitationsPagesWithContext(ctx aws.Context, input *GetResourceShareInvitationsInput, fn func(*GetResourceShareInvitationsOutput, bool) bool, opts ...request.Option) error {
- p := request.Pagination{
- NewRequest: func() (*request.Request, error) {
- var inCpy *GetResourceShareInvitationsInput
- if input != nil {
- tmp := *input
- inCpy = &tmp
- }
- req, _ := c.GetResourceShareInvitationsRequest(inCpy)
- req.SetContext(ctx)
- req.ApplyOptions(opts...)
- return req, nil
- },
- }
-
- for p.Next() {
- if !fn(p.Page().(*GetResourceShareInvitationsOutput), !p.HasNextPage()) {
- break
- }
- }
-
- return p.Err()
+func (c *RAM) GetPermissionWithContext(ctx aws.Context, input *GetPermissionInput, opts ...request.Option) (*GetPermissionOutput, error) {
+ req, out := c.GetPermissionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
}
-const opGetResourceShares = "GetResourceShares"
+const opGetResourcePolicies = "GetResourcePolicies"
-// GetResourceSharesRequest generates a "aws/request.Request" representing the
-// client's request for the GetResourceShares operation. The "output" return
+// GetResourcePoliciesRequest generates a "aws/request.Request" representing the
+// client's request for the GetResourcePolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See GetResourceShares for more information on using the GetResourceShares
+// See GetResourcePolicies for more information on using the GetResourcePolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the GetResourceSharesRequest method.
-// req, resp := client.GetResourceSharesRequest(params)
+// // Example sending a request using the GetResourcePoliciesRequest method.
+// req, resp := client.GetResourcePoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShares
-func (c *RAM) GetResourceSharesRequest(input *GetResourceSharesInput) (req *request.Request, output *GetResourceSharesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourcePolicies
+func (c *RAM) GetResourcePoliciesRequest(input *GetResourcePoliciesInput) (req *request.Request, output *GetResourcePoliciesOutput) {
op := &request.Operation{
- Name: opGetResourceShares,
+ Name: opGetResourcePolicies,
HTTPMethod: "POST",
- HTTPPath: "/getresourceshares",
+ HTTPPath: "/getresourcepolicies",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -1475,104 +1498,109 @@ func (c *RAM) GetResourceSharesRequest(input *GetResourceSharesInput) (req *requ
}
if input == nil {
- input = &GetResourceSharesInput{}
+ input = &GetResourcePoliciesInput{}
}
- output = &GetResourceSharesOutput{}
+ output = &GetResourcePoliciesOutput{}
req = c.newRequest(op, input, output)
return
}
-// GetResourceShares API operation for AWS Resource Access Manager.
+// GetResourcePolicies API operation for AWS Resource Access Manager.
//
-// Retrieves details about the resource shares that you own or that are shared
-// with you.
+// Retrieves the resource policies for the specified resources that you own
+// and have shared.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation GetResourceShares for usage and error information.
+// API operation GetResourcePolicies for usage and error information.
//
// Returned Error Types:
//
-// - UnknownResourceException
-// A specified resource was not found.
-//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
+//
+// - ResourceArnNotFoundException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// was not found.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShares
-func (c *RAM) GetResourceShares(input *GetResourceSharesInput) (*GetResourceSharesOutput, error) {
- req, out := c.GetResourceSharesRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourcePolicies
+func (c *RAM) GetResourcePolicies(input *GetResourcePoliciesInput) (*GetResourcePoliciesOutput, error) {
+ req, out := c.GetResourcePoliciesRequest(input)
return out, req.Send()
}
-// GetResourceSharesWithContext is the same as GetResourceShares with the addition of
+// GetResourcePoliciesWithContext is the same as GetResourcePolicies with the addition of
// the ability to pass a context and additional request options.
//
-// See GetResourceShares for details on how to use this API operation.
+// See GetResourcePolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourceSharesWithContext(ctx aws.Context, input *GetResourceSharesInput, opts ...request.Option) (*GetResourceSharesOutput, error) {
- req, out := c.GetResourceSharesRequest(input)
+func (c *RAM) GetResourcePoliciesWithContext(ctx aws.Context, input *GetResourcePoliciesInput, opts ...request.Option) (*GetResourcePoliciesOutput, error) {
+ req, out := c.GetResourcePoliciesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// GetResourceSharesPages iterates over the pages of a GetResourceShares operation,
+// GetResourcePoliciesPages iterates over the pages of a GetResourcePolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See GetResourceShares method for more information on how to use this operation.
+// See GetResourcePolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a GetResourceShares operation.
+// // Example iterating over at most 3 pages of a GetResourcePolicies operation.
// pageNum := 0
-// err := client.GetResourceSharesPages(params,
-// func(page *ram.GetResourceSharesOutput, lastPage bool) bool {
+// err := client.GetResourcePoliciesPages(params,
+// func(page *ram.GetResourcePoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) GetResourceSharesPages(input *GetResourceSharesInput, fn func(*GetResourceSharesOutput, bool) bool) error {
- return c.GetResourceSharesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) GetResourcePoliciesPages(input *GetResourcePoliciesInput, fn func(*GetResourcePoliciesOutput, bool) bool) error {
+ return c.GetResourcePoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// GetResourceSharesPagesWithContext same as GetResourceSharesPages except
+// GetResourcePoliciesPagesWithContext same as GetResourcePoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) GetResourceSharesPagesWithContext(ctx aws.Context, input *GetResourceSharesInput, fn func(*GetResourceSharesOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) GetResourcePoliciesPagesWithContext(ctx aws.Context, input *GetResourcePoliciesInput, fn func(*GetResourcePoliciesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *GetResourceSharesInput
+ var inCpy *GetResourcePoliciesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.GetResourceSharesRequest(inCpy)
+ req, _ := c.GetResourcePoliciesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -1580,7 +1608,7 @@ func (c *RAM) GetResourceSharesPagesWithContext(ctx aws.Context, input *GetResou
}
for p.Next() {
- if !fn(p.Page().(*GetResourceSharesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*GetResourcePoliciesOutput), !p.HasNextPage()) {
break
}
}
@@ -1588,36 +1616,36 @@ func (c *RAM) GetResourceSharesPagesWithContext(ctx aws.Context, input *GetResou
return p.Err()
}
-const opListPendingInvitationResources = "ListPendingInvitationResources"
+const opGetResourceShareAssociations = "GetResourceShareAssociations"
-// ListPendingInvitationResourcesRequest generates a "aws/request.Request" representing the
-// client's request for the ListPendingInvitationResources operation. The "output" return
+// GetResourceShareAssociationsRequest generates a "aws/request.Request" representing the
+// client's request for the GetResourceShareAssociations operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListPendingInvitationResources for more information on using the ListPendingInvitationResources
+// See GetResourceShareAssociations for more information on using the GetResourceShareAssociations
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListPendingInvitationResourcesRequest method.
-// req, resp := client.ListPendingInvitationResourcesRequest(params)
-//
+// // Example sending a request using the GetResourceShareAssociationsRequest method.
+// req, resp := client.GetResourceShareAssociationsRequest(params)
+//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPendingInvitationResources
-func (c *RAM) ListPendingInvitationResourcesRequest(input *ListPendingInvitationResourcesInput) (req *request.Request, output *ListPendingInvitationResourcesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareAssociations
+func (c *RAM) GetResourceShareAssociationsRequest(input *GetResourceShareAssociationsInput) (req *request.Request, output *GetResourceShareAssociationsOutput) {
op := &request.Operation{
- Name: opListPendingInvitationResources,
+ Name: opGetResourceShareAssociations,
HTTPMethod: "POST",
- HTTPPath: "/listpendinginvitationresources",
+ HTTPPath: "/getresourceshareassociations",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -1627,114 +1655,111 @@ func (c *RAM) ListPendingInvitationResourcesRequest(input *ListPendingInvitation
}
if input == nil {
- input = &ListPendingInvitationResourcesInput{}
+ input = &GetResourceShareAssociationsInput{}
}
- output = &ListPendingInvitationResourcesOutput{}
+ output = &GetResourceShareAssociationsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListPendingInvitationResources API operation for AWS Resource Access Manager.
+// GetResourceShareAssociations API operation for AWS Resource Access Manager.
//
-// Lists the resources in a resource share that is shared with you but for which
-// the invitation is still PENDING. That means that you haven't accepted or
-// rejected the invitation and the invitation hasn't expired.
+// Retrieves the lists of resources and principals that associated for resource
+// shares that you own.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListPendingInvitationResources for usage and error information.
+// API operation GetResourceShareAssociations for usage and error information.
//
// Returned Error Types:
//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
-//
-// - ResourceShareInvitationArnNotFoundException
-// The specified Amazon Resource Name (ARN) for an invitation was not found.
-//
-// - MissingRequiredParameterException
-// A required input parameter is missing.
-//
-// - ResourceShareInvitationAlreadyRejectedException
-// The specified invitation was already rejected.
+// The operation failed because the service isn't available. Try again later.
//
-// - ResourceShareInvitationExpiredException
-// The specified invitation is expired.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPendingInvitationResources
-func (c *RAM) ListPendingInvitationResources(input *ListPendingInvitationResourcesInput) (*ListPendingInvitationResourcesOutput, error) {
- req, out := c.ListPendingInvitationResourcesRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareAssociations
+func (c *RAM) GetResourceShareAssociations(input *GetResourceShareAssociationsInput) (*GetResourceShareAssociationsOutput, error) {
+ req, out := c.GetResourceShareAssociationsRequest(input)
return out, req.Send()
}
-// ListPendingInvitationResourcesWithContext is the same as ListPendingInvitationResources with the addition of
+// GetResourceShareAssociationsWithContext is the same as GetResourceShareAssociations with the addition of
// the ability to pass a context and additional request options.
//
-// See ListPendingInvitationResources for details on how to use this API operation.
+// See GetResourceShareAssociations for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPendingInvitationResourcesWithContext(ctx aws.Context, input *ListPendingInvitationResourcesInput, opts ...request.Option) (*ListPendingInvitationResourcesOutput, error) {
- req, out := c.ListPendingInvitationResourcesRequest(input)
+func (c *RAM) GetResourceShareAssociationsWithContext(ctx aws.Context, input *GetResourceShareAssociationsInput, opts ...request.Option) (*GetResourceShareAssociationsOutput, error) {
+ req, out := c.GetResourceShareAssociationsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListPendingInvitationResourcesPages iterates over the pages of a ListPendingInvitationResources operation,
+// GetResourceShareAssociationsPages iterates over the pages of a GetResourceShareAssociations operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListPendingInvitationResources method for more information on how to use this operation.
+// See GetResourceShareAssociations method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListPendingInvitationResources operation.
+// // Example iterating over at most 3 pages of a GetResourceShareAssociations operation.
// pageNum := 0
-// err := client.ListPendingInvitationResourcesPages(params,
-// func(page *ram.ListPendingInvitationResourcesOutput, lastPage bool) bool {
+// err := client.GetResourceShareAssociationsPages(params,
+// func(page *ram.GetResourceShareAssociationsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListPendingInvitationResourcesPages(input *ListPendingInvitationResourcesInput, fn func(*ListPendingInvitationResourcesOutput, bool) bool) error {
- return c.ListPendingInvitationResourcesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) GetResourceShareAssociationsPages(input *GetResourceShareAssociationsInput, fn func(*GetResourceShareAssociationsOutput, bool) bool) error {
+ return c.GetResourceShareAssociationsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListPendingInvitationResourcesPagesWithContext same as ListPendingInvitationResourcesPages except
+// GetResourceShareAssociationsPagesWithContext same as GetResourceShareAssociationsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPendingInvitationResourcesPagesWithContext(ctx aws.Context, input *ListPendingInvitationResourcesInput, fn func(*ListPendingInvitationResourcesOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) GetResourceShareAssociationsPagesWithContext(ctx aws.Context, input *GetResourceShareAssociationsInput, fn func(*GetResourceShareAssociationsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListPendingInvitationResourcesInput
+ var inCpy *GetResourceShareAssociationsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListPendingInvitationResourcesRequest(inCpy)
+ req, _ := c.GetResourceShareAssociationsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -1742,7 +1767,7 @@ func (c *RAM) ListPendingInvitationResourcesPagesWithContext(ctx aws.Context, in
}
for p.Next() {
- if !fn(p.Page().(*ListPendingInvitationResourcesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*GetResourceShareAssociationsOutput), !p.HasNextPage()) {
break
}
}
@@ -1750,36 +1775,36 @@ func (c *RAM) ListPendingInvitationResourcesPagesWithContext(ctx aws.Context, in
return p.Err()
}
-const opListPermissionVersions = "ListPermissionVersions"
+const opGetResourceShareInvitations = "GetResourceShareInvitations"
-// ListPermissionVersionsRequest generates a "aws/request.Request" representing the
-// client's request for the ListPermissionVersions operation. The "output" return
+// GetResourceShareInvitationsRequest generates a "aws/request.Request" representing the
+// client's request for the GetResourceShareInvitations operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListPermissionVersions for more information on using the ListPermissionVersions
+// See GetResourceShareInvitations for more information on using the GetResourceShareInvitations
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListPermissionVersionsRequest method.
-// req, resp := client.ListPermissionVersionsRequest(params)
+// // Example sending a request using the GetResourceShareInvitationsRequest method.
+// req, resp := client.GetResourceShareInvitationsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions
-func (c *RAM) ListPermissionVersionsRequest(input *ListPermissionVersionsInput) (req *request.Request, output *ListPermissionVersionsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareInvitations
+func (c *RAM) GetResourceShareInvitationsRequest(input *GetResourceShareInvitationsInput) (req *request.Request, output *GetResourceShareInvitationsOutput) {
op := &request.Operation{
- Name: opListPermissionVersions,
+ Name: opGetResourceShareInvitations,
HTTPMethod: "POST",
- HTTPPath: "/listpermissionversions",
+ HTTPPath: "/getresourceshareinvitations",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -1789,106 +1814,114 @@ func (c *RAM) ListPermissionVersionsRequest(input *ListPermissionVersionsInput)
}
if input == nil {
- input = &ListPermissionVersionsInput{}
+ input = &GetResourceShareInvitationsInput{}
}
- output = &ListPermissionVersionsOutput{}
+ output = &GetResourceShareInvitationsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListPermissionVersions API operation for AWS Resource Access Manager.
+// GetResourceShareInvitations API operation for AWS Resource Access Manager.
//
-// Lists the available versions of the specified RAM permission.
+// Retrieves details about invitations that you have received for resource shares.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListPermissionVersions for usage and error information.
+// API operation GetResourceShareInvitations for usage and error information.
//
// Returned Error Types:
//
+// - ResourceShareInvitationArnNotFoundException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for an invitation was not found.
+//
+// - InvalidMaxResultsException
+// The operation failed because the specified value for MaxResults isn't valid.
+//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
-//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
-//
-// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions
-func (c *RAM) ListPermissionVersions(input *ListPermissionVersionsInput) (*ListPermissionVersionsOutput, error) {
- req, out := c.ListPermissionVersionsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShareInvitations
+func (c *RAM) GetResourceShareInvitations(input *GetResourceShareInvitationsInput) (*GetResourceShareInvitationsOutput, error) {
+ req, out := c.GetResourceShareInvitationsRequest(input)
return out, req.Send()
}
-// ListPermissionVersionsWithContext is the same as ListPermissionVersions with the addition of
+// GetResourceShareInvitationsWithContext is the same as GetResourceShareInvitations with the addition of
// the ability to pass a context and additional request options.
//
-// See ListPermissionVersions for details on how to use this API operation.
+// See GetResourceShareInvitations for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPermissionVersionsWithContext(ctx aws.Context, input *ListPermissionVersionsInput, opts ...request.Option) (*ListPermissionVersionsOutput, error) {
- req, out := c.ListPermissionVersionsRequest(input)
+func (c *RAM) GetResourceShareInvitationsWithContext(ctx aws.Context, input *GetResourceShareInvitationsInput, opts ...request.Option) (*GetResourceShareInvitationsOutput, error) {
+ req, out := c.GetResourceShareInvitationsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListPermissionVersionsPages iterates over the pages of a ListPermissionVersions operation,
+// GetResourceShareInvitationsPages iterates over the pages of a GetResourceShareInvitations operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListPermissionVersions method for more information on how to use this operation.
+// See GetResourceShareInvitations method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListPermissionVersions operation.
+// // Example iterating over at most 3 pages of a GetResourceShareInvitations operation.
// pageNum := 0
-// err := client.ListPermissionVersionsPages(params,
-// func(page *ram.ListPermissionVersionsOutput, lastPage bool) bool {
+// err := client.GetResourceShareInvitationsPages(params,
+// func(page *ram.GetResourceShareInvitationsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListPermissionVersionsPages(input *ListPermissionVersionsInput, fn func(*ListPermissionVersionsOutput, bool) bool) error {
- return c.ListPermissionVersionsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) GetResourceShareInvitationsPages(input *GetResourceShareInvitationsInput, fn func(*GetResourceShareInvitationsOutput, bool) bool) error {
+ return c.GetResourceShareInvitationsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListPermissionVersionsPagesWithContext same as ListPermissionVersionsPages except
+// GetResourceShareInvitationsPagesWithContext same as GetResourceShareInvitationsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPermissionVersionsPagesWithContext(ctx aws.Context, input *ListPermissionVersionsInput, fn func(*ListPermissionVersionsOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) GetResourceShareInvitationsPagesWithContext(ctx aws.Context, input *GetResourceShareInvitationsInput, fn func(*GetResourceShareInvitationsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListPermissionVersionsInput
+ var inCpy *GetResourceShareInvitationsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListPermissionVersionsRequest(inCpy)
+ req, _ := c.GetResourceShareInvitationsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -1896,7 +1929,7 @@ func (c *RAM) ListPermissionVersionsPagesWithContext(ctx aws.Context, input *Lis
}
for p.Next() {
- if !fn(p.Page().(*ListPermissionVersionsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*GetResourceShareInvitationsOutput), !p.HasNextPage()) {
break
}
}
@@ -1904,36 +1937,36 @@ func (c *RAM) ListPermissionVersionsPagesWithContext(ctx aws.Context, input *Lis
return p.Err()
}
-const opListPermissions = "ListPermissions"
+const opGetResourceShares = "GetResourceShares"
-// ListPermissionsRequest generates a "aws/request.Request" representing the
-// client's request for the ListPermissions operation. The "output" return
+// GetResourceSharesRequest generates a "aws/request.Request" representing the
+// client's request for the GetResourceShares operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListPermissions for more information on using the ListPermissions
+// See GetResourceShares for more information on using the GetResourceShares
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListPermissionsRequest method.
-// req, resp := client.ListPermissionsRequest(params)
+// // Example sending a request using the GetResourceSharesRequest method.
+// req, resp := client.GetResourceSharesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions
-func (c *RAM) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShares
+func (c *RAM) GetResourceSharesRequest(input *GetResourceSharesInput) (req *request.Request, output *GetResourceSharesOutput) {
op := &request.Operation{
- Name: opListPermissions,
+ Name: opGetResourceShares,
HTTPMethod: "POST",
- HTTPPath: "/listpermissions",
+ HTTPPath: "/getresourceshares",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -1943,101 +1976,108 @@ func (c *RAM) ListPermissionsRequest(input *ListPermissionsInput) (req *request.
}
if input == nil {
- input = &ListPermissionsInput{}
+ input = &GetResourceSharesInput{}
}
- output = &ListPermissionsOutput{}
+ output = &GetResourceSharesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListPermissions API operation for AWS Resource Access Manager.
+// GetResourceShares API operation for AWS Resource Access Manager.
//
-// Retrieves a list of available RAM permissions that you can use for the supported
-// resource types.
+// Retrieves details about the resource shares that you own or that are shared
+// with you.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListPermissions for usage and error information.
+// API operation GetResourceShares for usage and error information.
//
// Returned Error Types:
//
-// - InvalidParameterException
-// A parameter is not valid.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions
-func (c *RAM) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) {
- req, out := c.ListPermissionsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetResourceShares
+func (c *RAM) GetResourceShares(input *GetResourceSharesInput) (*GetResourceSharesOutput, error) {
+ req, out := c.GetResourceSharesRequest(input)
return out, req.Send()
}
-// ListPermissionsWithContext is the same as ListPermissions with the addition of
+// GetResourceSharesWithContext is the same as GetResourceShares with the addition of
// the ability to pass a context and additional request options.
//
-// See ListPermissions for details on how to use this API operation.
+// See GetResourceShares for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) {
- req, out := c.ListPermissionsRequest(input)
+func (c *RAM) GetResourceSharesWithContext(ctx aws.Context, input *GetResourceSharesInput, opts ...request.Option) (*GetResourceSharesOutput, error) {
+ req, out := c.GetResourceSharesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListPermissionsPages iterates over the pages of a ListPermissions operation,
+// GetResourceSharesPages iterates over the pages of a GetResourceShares operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListPermissions method for more information on how to use this operation.
+// See GetResourceShares method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListPermissions operation.
+// // Example iterating over at most 3 pages of a GetResourceShares operation.
// pageNum := 0
-// err := client.ListPermissionsPages(params,
-// func(page *ram.ListPermissionsOutput, lastPage bool) bool {
+// err := client.GetResourceSharesPages(params,
+// func(page *ram.GetResourceSharesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error {
- return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) GetResourceSharesPages(input *GetResourceSharesInput, fn func(*GetResourceSharesOutput, bool) bool) error {
+ return c.GetResourceSharesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListPermissionsPagesWithContext same as ListPermissionsPages except
+// GetResourceSharesPagesWithContext same as GetResourceSharesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) GetResourceSharesPagesWithContext(ctx aws.Context, input *GetResourceSharesInput, fn func(*GetResourceSharesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListPermissionsInput
+ var inCpy *GetResourceSharesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListPermissionsRequest(inCpy)
+ req, _ := c.GetResourceSharesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2045,7 +2085,7 @@ func (c *RAM) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermis
}
for p.Next() {
- if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*GetResourceSharesOutput), !p.HasNextPage()) {
break
}
}
@@ -2053,36 +2093,36 @@ func (c *RAM) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermis
return p.Err()
}
-const opListPrincipals = "ListPrincipals"
+const opListPendingInvitationResources = "ListPendingInvitationResources"
-// ListPrincipalsRequest generates a "aws/request.Request" representing the
-// client's request for the ListPrincipals operation. The "output" return
+// ListPendingInvitationResourcesRequest generates a "aws/request.Request" representing the
+// client's request for the ListPendingInvitationResources operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListPrincipals for more information on using the ListPrincipals
+// See ListPendingInvitationResources for more information on using the ListPendingInvitationResources
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListPrincipalsRequest method.
-// req, resp := client.ListPrincipalsRequest(params)
+// // Example sending a request using the ListPendingInvitationResourcesRequest method.
+// req, resp := client.ListPendingInvitationResourcesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPrincipals
-func (c *RAM) ListPrincipalsRequest(input *ListPrincipalsInput) (req *request.Request, output *ListPrincipalsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPendingInvitationResources
+func (c *RAM) ListPendingInvitationResourcesRequest(input *ListPendingInvitationResourcesInput) (req *request.Request, output *ListPendingInvitationResourcesOutput) {
op := &request.Operation{
- Name: opListPrincipals,
+ Name: opListPendingInvitationResources,
HTTPMethod: "POST",
- HTTPPath: "/listprincipals",
+ HTTPPath: "/listpendinginvitationresources",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2092,104 +2132,120 @@ func (c *RAM) ListPrincipalsRequest(input *ListPrincipalsInput) (req *request.Re
}
if input == nil {
- input = &ListPrincipalsInput{}
+ input = &ListPendingInvitationResourcesInput{}
}
- output = &ListPrincipalsOutput{}
+ output = &ListPendingInvitationResourcesOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListPrincipals API operation for AWS Resource Access Manager.
+// ListPendingInvitationResources API operation for AWS Resource Access Manager.
//
-// Lists the principals that you are sharing resources with or that are sharing
-// resources with you.
+// Lists the resources in a resource share that is shared with you but for which
+// the invitation is still PENDING. That means that you haven't accepted or
+// rejected the invitation and the invitation hasn't expired.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListPrincipals for usage and error information.
+// API operation ListPendingInvitationResources for usage and error information.
//
// Returned Error Types:
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
-//
-// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPrincipals
-func (c *RAM) ListPrincipals(input *ListPrincipalsInput) (*ListPrincipalsOutput, error) {
- req, out := c.ListPrincipalsRequest(input)
+// - ResourceShareInvitationArnNotFoundException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for an invitation was not found.
+//
+// - MissingRequiredParameterException
+// The operation failed because a required input parameter is missing.
+//
+// - ResourceShareInvitationAlreadyRejectedException
+// The operation failed because the specified invitation was already rejected.
+//
+// - ResourceShareInvitationExpiredException
+// The operation failed because the specified invitation is past its expiration
+// date and time.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPendingInvitationResources
+func (c *RAM) ListPendingInvitationResources(input *ListPendingInvitationResourcesInput) (*ListPendingInvitationResourcesOutput, error) {
+ req, out := c.ListPendingInvitationResourcesRequest(input)
return out, req.Send()
}
-// ListPrincipalsWithContext is the same as ListPrincipals with the addition of
+// ListPendingInvitationResourcesWithContext is the same as ListPendingInvitationResources with the addition of
// the ability to pass a context and additional request options.
//
-// See ListPrincipals for details on how to use this API operation.
+// See ListPendingInvitationResources for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPrincipalsWithContext(ctx aws.Context, input *ListPrincipalsInput, opts ...request.Option) (*ListPrincipalsOutput, error) {
- req, out := c.ListPrincipalsRequest(input)
+func (c *RAM) ListPendingInvitationResourcesWithContext(ctx aws.Context, input *ListPendingInvitationResourcesInput, opts ...request.Option) (*ListPendingInvitationResourcesOutput, error) {
+ req, out := c.ListPendingInvitationResourcesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListPrincipalsPages iterates over the pages of a ListPrincipals operation,
+// ListPendingInvitationResourcesPages iterates over the pages of a ListPendingInvitationResources operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListPrincipals method for more information on how to use this operation.
+// See ListPendingInvitationResources method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListPrincipals operation.
+// // Example iterating over at most 3 pages of a ListPendingInvitationResources operation.
// pageNum := 0
-// err := client.ListPrincipalsPages(params,
-// func(page *ram.ListPrincipalsOutput, lastPage bool) bool {
+// err := client.ListPendingInvitationResourcesPages(params,
+// func(page *ram.ListPendingInvitationResourcesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListPrincipalsPages(input *ListPrincipalsInput, fn func(*ListPrincipalsOutput, bool) bool) error {
- return c.ListPrincipalsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) ListPendingInvitationResourcesPages(input *ListPendingInvitationResourcesInput, fn func(*ListPendingInvitationResourcesOutput, bool) bool) error {
+ return c.ListPendingInvitationResourcesPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListPrincipalsPagesWithContext same as ListPrincipalsPages except
+// ListPendingInvitationResourcesPagesWithContext same as ListPendingInvitationResourcesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListPrincipalsPagesWithContext(ctx aws.Context, input *ListPrincipalsInput, fn func(*ListPrincipalsOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) ListPendingInvitationResourcesPagesWithContext(ctx aws.Context, input *ListPendingInvitationResourcesInput, fn func(*ListPendingInvitationResourcesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListPrincipalsInput
+ var inCpy *ListPendingInvitationResourcesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListPrincipalsRequest(inCpy)
+ req, _ := c.ListPendingInvitationResourcesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2197,7 +2253,7 @@ func (c *RAM) ListPrincipalsPagesWithContext(ctx aws.Context, input *ListPrincip
}
for p.Next() {
- if !fn(p.Page().(*ListPrincipalsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListPendingInvitationResourcesOutput), !p.HasNextPage()) {
break
}
}
@@ -2205,36 +2261,36 @@ func (c *RAM) ListPrincipalsPagesWithContext(ctx aws.Context, input *ListPrincip
return p.Err()
}
-const opListResourceSharePermissions = "ListResourceSharePermissions"
+const opListPermissionAssociations = "ListPermissionAssociations"
-// ListResourceSharePermissionsRequest generates a "aws/request.Request" representing the
-// client's request for the ListResourceSharePermissions operation. The "output" return
+// ListPermissionAssociationsRequest generates a "aws/request.Request" representing the
+// client's request for the ListPermissionAssociations operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListResourceSharePermissions for more information on using the ListResourceSharePermissions
+// See ListPermissionAssociations for more information on using the ListPermissionAssociations
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListResourceSharePermissionsRequest method.
-// req, resp := client.ListResourceSharePermissionsRequest(params)
+// // Example sending a request using the ListPermissionAssociationsRequest method.
+// req, resp := client.ListPermissionAssociationsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions
-func (c *RAM) ListResourceSharePermissionsRequest(input *ListResourceSharePermissionsInput) (req *request.Request, output *ListResourceSharePermissionsOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionAssociations
+func (c *RAM) ListPermissionAssociationsRequest(input *ListPermissionAssociationsInput) (req *request.Request, output *ListPermissionAssociationsOutput) {
op := &request.Operation{
- Name: opListResourceSharePermissions,
+ Name: opListPermissionAssociations,
HTTPMethod: "POST",
- HTTPPath: "/listresourcesharepermissions",
+ HTTPPath: "/listpermissionassociations",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2244,106 +2300,106 @@ func (c *RAM) ListResourceSharePermissionsRequest(input *ListResourceSharePermis
}
if input == nil {
- input = &ListResourceSharePermissionsInput{}
+ input = &ListPermissionAssociationsInput{}
}
- output = &ListResourceSharePermissionsOutput{}
+ output = &ListPermissionAssociationsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListResourceSharePermissions API operation for AWS Resource Access Manager.
+// ListPermissionAssociations API operation for AWS Resource Access Manager.
//
-// Lists the RAM permissions that are associated with a resource share.
+// Lists information about the managed permission and its associations to any
+// resource shares that use this managed permission. This lets you see which
+// resource shares use which versions of the specified managed permission.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListResourceSharePermissions for usage and error information.
+// API operation ListPermissionAssociations for usage and error information.
//
// Returned Error Types:
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
-//
-// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
-//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions
-func (c *RAM) ListResourceSharePermissions(input *ListResourceSharePermissionsInput) (*ListResourceSharePermissionsOutput, error) {
- req, out := c.ListResourceSharePermissionsRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionAssociations
+func (c *RAM) ListPermissionAssociations(input *ListPermissionAssociationsInput) (*ListPermissionAssociationsOutput, error) {
+ req, out := c.ListPermissionAssociationsRequest(input)
return out, req.Send()
}
-// ListResourceSharePermissionsWithContext is the same as ListResourceSharePermissions with the addition of
+// ListPermissionAssociationsWithContext is the same as ListPermissionAssociations with the addition of
// the ability to pass a context and additional request options.
//
-// See ListResourceSharePermissions for details on how to use this API operation.
+// See ListPermissionAssociations for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourceSharePermissionsWithContext(ctx aws.Context, input *ListResourceSharePermissionsInput, opts ...request.Option) (*ListResourceSharePermissionsOutput, error) {
- req, out := c.ListResourceSharePermissionsRequest(input)
+func (c *RAM) ListPermissionAssociationsWithContext(ctx aws.Context, input *ListPermissionAssociationsInput, opts ...request.Option) (*ListPermissionAssociationsOutput, error) {
+ req, out := c.ListPermissionAssociationsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListResourceSharePermissionsPages iterates over the pages of a ListResourceSharePermissions operation,
+// ListPermissionAssociationsPages iterates over the pages of a ListPermissionAssociations operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListResourceSharePermissions method for more information on how to use this operation.
+// See ListPermissionAssociations method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListResourceSharePermissions operation.
+// // Example iterating over at most 3 pages of a ListPermissionAssociations operation.
// pageNum := 0
-// err := client.ListResourceSharePermissionsPages(params,
-// func(page *ram.ListResourceSharePermissionsOutput, lastPage bool) bool {
+// err := client.ListPermissionAssociationsPages(params,
+// func(page *ram.ListPermissionAssociationsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListResourceSharePermissionsPages(input *ListResourceSharePermissionsInput, fn func(*ListResourceSharePermissionsOutput, bool) bool) error {
- return c.ListResourceSharePermissionsPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) ListPermissionAssociationsPages(input *ListPermissionAssociationsInput, fn func(*ListPermissionAssociationsOutput, bool) bool) error {
+ return c.ListPermissionAssociationsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListResourceSharePermissionsPagesWithContext same as ListResourceSharePermissionsPages except
+// ListPermissionAssociationsPagesWithContext same as ListPermissionAssociationsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourceSharePermissionsPagesWithContext(ctx aws.Context, input *ListResourceSharePermissionsInput, fn func(*ListResourceSharePermissionsOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) ListPermissionAssociationsPagesWithContext(ctx aws.Context, input *ListPermissionAssociationsInput, fn func(*ListPermissionAssociationsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListResourceSharePermissionsInput
+ var inCpy *ListPermissionAssociationsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListResourceSharePermissionsRequest(inCpy)
+ req, _ := c.ListPermissionAssociationsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2351,7 +2407,7 @@ func (c *RAM) ListResourceSharePermissionsPagesWithContext(ctx aws.Context, inpu
}
for p.Next() {
- if !fn(p.Page().(*ListResourceSharePermissionsOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListPermissionAssociationsOutput), !p.HasNextPage()) {
break
}
}
@@ -2359,36 +2415,36 @@ func (c *RAM) ListResourceSharePermissionsPagesWithContext(ctx aws.Context, inpu
return p.Err()
}
-const opListResourceTypes = "ListResourceTypes"
+const opListPermissionVersions = "ListPermissionVersions"
-// ListResourceTypesRequest generates a "aws/request.Request" representing the
-// client's request for the ListResourceTypes operation. The "output" return
+// ListPermissionVersionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListPermissionVersions operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListResourceTypes for more information on using the ListResourceTypes
+// See ListPermissionVersions for more information on using the ListPermissionVersions
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListResourceTypesRequest method.
-// req, resp := client.ListResourceTypesRequest(params)
+// // Example sending a request using the ListPermissionVersionsRequest method.
+// req, resp := client.ListPermissionVersionsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceTypes
-func (c *RAM) ListResourceTypesRequest(input *ListResourceTypesInput) (req *request.Request, output *ListResourceTypesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions
+func (c *RAM) ListPermissionVersionsRequest(input *ListPermissionVersionsInput) (req *request.Request, output *ListPermissionVersionsOutput) {
op := &request.Operation{
- Name: opListResourceTypes,
+ Name: opListPermissionVersions,
HTTPMethod: "POST",
- HTTPPath: "/listresourcetypes",
+ HTTPPath: "/listpermissionversions",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2398,97 +2454,110 @@ func (c *RAM) ListResourceTypesRequest(input *ListResourceTypesInput) (req *requ
}
if input == nil {
- input = &ListResourceTypesInput{}
+ input = &ListPermissionVersionsInput{}
}
- output = &ListResourceTypesOutput{}
+ output = &ListPermissionVersionsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListResourceTypes API operation for AWS Resource Access Manager.
+// ListPermissionVersions API operation for AWS Resource Access Manager.
//
-// Lists the resource types that can be shared by RAM.
+// Lists the available versions of the specified RAM permission.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListResourceTypes for usage and error information.
+// API operation ListPermissionVersions for usage and error information.
//
// Returned Error Types:
//
-// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
-// - InvalidParameterException
-// A parameter is not valid.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceTypes
-func (c *RAM) ListResourceTypes(input *ListResourceTypesInput) (*ListResourceTypesOutput, error) {
- req, out := c.ListResourceTypesRequest(input)
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions
+func (c *RAM) ListPermissionVersions(input *ListPermissionVersionsInput) (*ListPermissionVersionsOutput, error) {
+ req, out := c.ListPermissionVersionsRequest(input)
return out, req.Send()
}
-// ListResourceTypesWithContext is the same as ListResourceTypes with the addition of
+// ListPermissionVersionsWithContext is the same as ListPermissionVersions with the addition of
// the ability to pass a context and additional request options.
//
-// See ListResourceTypes for details on how to use this API operation.
+// See ListPermissionVersions for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourceTypesWithContext(ctx aws.Context, input *ListResourceTypesInput, opts ...request.Option) (*ListResourceTypesOutput, error) {
- req, out := c.ListResourceTypesRequest(input)
+func (c *RAM) ListPermissionVersionsWithContext(ctx aws.Context, input *ListPermissionVersionsInput, opts ...request.Option) (*ListPermissionVersionsOutput, error) {
+ req, out := c.ListPermissionVersionsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListResourceTypesPages iterates over the pages of a ListResourceTypes operation,
+// ListPermissionVersionsPages iterates over the pages of a ListPermissionVersions operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListResourceTypes method for more information on how to use this operation.
+// See ListPermissionVersions method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListResourceTypes operation.
+// // Example iterating over at most 3 pages of a ListPermissionVersions operation.
// pageNum := 0
-// err := client.ListResourceTypesPages(params,
-// func(page *ram.ListResourceTypesOutput, lastPage bool) bool {
+// err := client.ListPermissionVersionsPages(params,
+// func(page *ram.ListPermissionVersionsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListResourceTypesPages(input *ListResourceTypesInput, fn func(*ListResourceTypesOutput, bool) bool) error {
- return c.ListResourceTypesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) ListPermissionVersionsPages(input *ListPermissionVersionsInput, fn func(*ListPermissionVersionsOutput, bool) bool) error {
+ return c.ListPermissionVersionsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListResourceTypesPagesWithContext same as ListResourceTypesPages except
+// ListPermissionVersionsPagesWithContext same as ListPermissionVersionsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourceTypesPagesWithContext(ctx aws.Context, input *ListResourceTypesInput, fn func(*ListResourceTypesOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) ListPermissionVersionsPagesWithContext(ctx aws.Context, input *ListPermissionVersionsInput, fn func(*ListPermissionVersionsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListResourceTypesInput
+ var inCpy *ListPermissionVersionsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListResourceTypesRequest(inCpy)
+ req, _ := c.ListPermissionVersionsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2496,7 +2565,7 @@ func (c *RAM) ListResourceTypesPagesWithContext(ctx aws.Context, input *ListReso
}
for p.Next() {
- if !fn(p.Page().(*ListResourceTypesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListPermissionVersionsOutput), !p.HasNextPage()) {
break
}
}
@@ -2504,36 +2573,36 @@ func (c *RAM) ListResourceTypesPagesWithContext(ctx aws.Context, input *ListReso
return p.Err()
}
-const opListResources = "ListResources"
+const opListPermissions = "ListPermissions"
-// ListResourcesRequest generates a "aws/request.Request" representing the
-// client's request for the ListResources operation. The "output" return
+// ListPermissionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListPermissions operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See ListResources for more information on using the ListResources
+// See ListPermissions for more information on using the ListPermissions
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the ListResourcesRequest method.
-// req, resp := client.ListResourcesRequest(params)
+// // Example sending a request using the ListPermissionsRequest method.
+// req, resp := client.ListPermissionsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResources
-func (c *RAM) ListResourcesRequest(input *ListResourcesInput) (req *request.Request, output *ListResourcesOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions
+func (c *RAM) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) {
op := &request.Operation{
- Name: opListResources,
+ Name: opListPermissions,
HTTPMethod: "POST",
- HTTPPath: "/listresources",
+ HTTPPath: "/listpermissions",
Paginator: &request.Paginator{
InputTokens: []string{"nextToken"},
OutputTokens: []string{"nextToken"},
@@ -2543,107 +2612,104 @@ func (c *RAM) ListResourcesRequest(input *ListResourcesInput) (req *request.Requ
}
if input == nil {
- input = &ListResourcesInput{}
+ input = &ListPermissionsInput{}
}
- output = &ListResourcesOutput{}
+ output = &ListPermissionsOutput{}
req = c.newRequest(op, input, output)
return
}
-// ListResources API operation for AWS Resource Access Manager.
+// ListPermissions API operation for AWS Resource Access Manager.
//
-// Lists the resources that you added to a resource share or the resources that
-// are shared with you.
+// Retrieves a list of available RAM permissions that you can use for the supported
+// resource types.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation ListResources for usage and error information.
+// API operation ListPermissions for usage and error information.
//
// Returned Error Types:
//
-// - InvalidResourceTypeException
-// The specified resource type is not valid.
-//
-// - UnknownResourceException
-// A specified resource was not found.
-//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
// - InvalidNextTokenException
-// The specified value for NextToken is not valid.
-//
-// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResources
-func (c *RAM) ListResources(input *ListResourcesInput) (*ListResourcesOutput, error) {
- req, out := c.ListResourcesRequest(input)
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions
+func (c *RAM) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) {
+ req, out := c.ListPermissionsRequest(input)
return out, req.Send()
}
-// ListResourcesWithContext is the same as ListResources with the addition of
+// ListPermissionsWithContext is the same as ListPermissions with the addition of
// the ability to pass a context and additional request options.
//
-// See ListResources for details on how to use this API operation.
+// See ListPermissions for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourcesWithContext(ctx aws.Context, input *ListResourcesInput, opts ...request.Option) (*ListResourcesOutput, error) {
- req, out := c.ListResourcesRequest(input)
+func (c *RAM) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) {
+ req, out := c.ListPermissionsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-// ListResourcesPages iterates over the pages of a ListResources operation,
+// ListPermissionsPages iterates over the pages of a ListPermissions operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
-// See ListResources method for more information on how to use this operation.
+// See ListPermissions method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
-// // Example iterating over at most 3 pages of a ListResources operation.
+// // Example iterating over at most 3 pages of a ListPermissions operation.
// pageNum := 0
-// err := client.ListResourcesPages(params,
-// func(page *ram.ListResourcesOutput, lastPage bool) bool {
+// err := client.ListPermissionsPages(params,
+// func(page *ram.ListPermissionsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
-func (c *RAM) ListResourcesPages(input *ListResourcesInput, fn func(*ListResourcesOutput, bool) bool) error {
- return c.ListResourcesPagesWithContext(aws.BackgroundContext(), input, fn)
+func (c *RAM) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error {
+ return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn)
}
-// ListResourcesPagesWithContext same as ListResourcesPages except
+// ListPermissionsPagesWithContext same as ListPermissionsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) ListResourcesPagesWithContext(ctx aws.Context, input *ListResourcesInput, fn func(*ListResourcesOutput, bool) bool, opts ...request.Option) error {
+func (c *RAM) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
- var inCpy *ListResourcesInput
+ var inCpy *ListPermissionsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
- req, _ := c.ListResourcesRequest(inCpy)
+ req, _ := c.ListPermissionsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
@@ -2651,7 +2717,7 @@ func (c *RAM) ListResourcesPagesWithContext(ctx aws.Context, input *ListResource
}
for p.Next() {
- if !fn(p.Page().(*ListResourcesOutput), !p.HasNextPage()) {
+ if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) {
break
}
}
@@ -2659,519 +2725,2418 @@ func (c *RAM) ListResourcesPagesWithContext(ctx aws.Context, input *ListResource
return p.Err()
}
-const opPromoteResourceShareCreatedFromPolicy = "PromoteResourceShareCreatedFromPolicy"
+const opListPrincipals = "ListPrincipals"
-// PromoteResourceShareCreatedFromPolicyRequest generates a "aws/request.Request" representing the
-// client's request for the PromoteResourceShareCreatedFromPolicy operation. The "output" return
+// ListPrincipalsRequest generates a "aws/request.Request" representing the
+// client's request for the ListPrincipals operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See PromoteResourceShareCreatedFromPolicy for more information on using the PromoteResourceShareCreatedFromPolicy
+// See ListPrincipals for more information on using the ListPrincipals
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the PromoteResourceShareCreatedFromPolicyRequest method.
-// req, resp := client.PromoteResourceShareCreatedFromPolicyRequest(params)
+// // Example sending a request using the ListPrincipalsRequest method.
+// req, resp := client.ListPrincipalsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromoteResourceShareCreatedFromPolicy
-func (c *RAM) PromoteResourceShareCreatedFromPolicyRequest(input *PromoteResourceShareCreatedFromPolicyInput) (req *request.Request, output *PromoteResourceShareCreatedFromPolicyOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPrincipals
+func (c *RAM) ListPrincipalsRequest(input *ListPrincipalsInput) (req *request.Request, output *ListPrincipalsOutput) {
op := &request.Operation{
- Name: opPromoteResourceShareCreatedFromPolicy,
+ Name: opListPrincipals,
HTTPMethod: "POST",
- HTTPPath: "/promoteresourcesharecreatedfrompolicy",
+ HTTPPath: "/listprincipals",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &PromoteResourceShareCreatedFromPolicyInput{}
+ input = &ListPrincipalsInput{}
}
- output = &PromoteResourceShareCreatedFromPolicyOutput{}
+ output = &ListPrincipalsOutput{}
req = c.newRequest(op, input, output)
return
}
-// PromoteResourceShareCreatedFromPolicy API operation for AWS Resource Access Manager.
-//
-// When you attach a resource-based permission policy to a resource, it automatically
-// creates a resource share. However, resource shares created this way are visible
-// only to the resource share owner, and the resource share can't be modified
-// in RAM.
+// ListPrincipals API operation for AWS Resource Access Manager.
//
-// You can use this operation to promote the resource share to a full RAM resource
-// share. When you promote a resource share, you can then manage the resource
-// share in RAM and it becomes visible to all of the principals you shared it
-// with.
+// Lists the principals that you are sharing resources with or that are sharing
+// resources with you.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation PromoteResourceShareCreatedFromPolicy for usage and error information.
+// API operation ListPrincipals for usage and error information.
//
// Returned Error Types:
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
-// - ResourceShareLimitExceededException
-// This request would exceed the limit for resource shares for your account.
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - InvalidParameterException
-// A parameter is not valid.
-//
-// - MissingRequiredParameterException
-// A required input parameter is missing.
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// - UnknownResourceException
-// A specified resource was not found.
-//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromoteResourceShareCreatedFromPolicy
-func (c *RAM) PromoteResourceShareCreatedFromPolicy(input *PromoteResourceShareCreatedFromPolicyInput) (*PromoteResourceShareCreatedFromPolicyOutput, error) {
- req, out := c.PromoteResourceShareCreatedFromPolicyRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPrincipals
+func (c *RAM) ListPrincipals(input *ListPrincipalsInput) (*ListPrincipalsOutput, error) {
+ req, out := c.ListPrincipalsRequest(input)
return out, req.Send()
}
-// PromoteResourceShareCreatedFromPolicyWithContext is the same as PromoteResourceShareCreatedFromPolicy with the addition of
+// ListPrincipalsWithContext is the same as ListPrincipals with the addition of
// the ability to pass a context and additional request options.
//
-// See PromoteResourceShareCreatedFromPolicy for details on how to use this API operation.
+// See ListPrincipals for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) PromoteResourceShareCreatedFromPolicyWithContext(ctx aws.Context, input *PromoteResourceShareCreatedFromPolicyInput, opts ...request.Option) (*PromoteResourceShareCreatedFromPolicyOutput, error) {
- req, out := c.PromoteResourceShareCreatedFromPolicyRequest(input)
+func (c *RAM) ListPrincipalsWithContext(ctx aws.Context, input *ListPrincipalsInput, opts ...request.Option) (*ListPrincipalsOutput, error) {
+ req, out := c.ListPrincipalsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opRejectResourceShareInvitation = "RejectResourceShareInvitation"
+// ListPrincipalsPages iterates over the pages of a ListPrincipals operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListPrincipals method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListPrincipals operation.
+// pageNum := 0
+// err := client.ListPrincipalsPages(params,
+// func(page *ram.ListPrincipalsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *RAM) ListPrincipalsPages(input *ListPrincipalsInput, fn func(*ListPrincipalsOutput, bool) bool) error {
+ return c.ListPrincipalsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
-// RejectResourceShareInvitationRequest generates a "aws/request.Request" representing the
-// client's request for the RejectResourceShareInvitation operation. The "output" return
+// ListPrincipalsPagesWithContext same as ListPrincipalsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ListPrincipalsPagesWithContext(ctx aws.Context, input *ListPrincipalsInput, fn func(*ListPrincipalsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListPrincipalsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListPrincipalsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListPrincipalsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListReplacePermissionAssociationsWork = "ListReplacePermissionAssociationsWork"
+
+// ListReplacePermissionAssociationsWorkRequest generates a "aws/request.Request" representing the
+// client's request for the ListReplacePermissionAssociationsWork operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See RejectResourceShareInvitation for more information on using the RejectResourceShareInvitation
+// See ListReplacePermissionAssociationsWork for more information on using the ListReplacePermissionAssociationsWork
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the RejectResourceShareInvitationRequest method.
-// req, resp := client.RejectResourceShareInvitationRequest(params)
+// // Example sending a request using the ListReplacePermissionAssociationsWorkRequest method.
+// req, resp := client.ListReplacePermissionAssociationsWorkRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/RejectResourceShareInvitation
-func (c *RAM) RejectResourceShareInvitationRequest(input *RejectResourceShareInvitationInput) (req *request.Request, output *RejectResourceShareInvitationOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListReplacePermissionAssociationsWork
+func (c *RAM) ListReplacePermissionAssociationsWorkRequest(input *ListReplacePermissionAssociationsWorkInput) (req *request.Request, output *ListReplacePermissionAssociationsWorkOutput) {
op := &request.Operation{
- Name: opRejectResourceShareInvitation,
+ Name: opListReplacePermissionAssociationsWork,
HTTPMethod: "POST",
- HTTPPath: "/rejectresourceshareinvitation",
+ HTTPPath: "/listreplacepermissionassociationswork",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &RejectResourceShareInvitationInput{}
+ input = &ListReplacePermissionAssociationsWorkInput{}
}
- output = &RejectResourceShareInvitationOutput{}
+ output = &ListReplacePermissionAssociationsWorkOutput{}
req = c.newRequest(op, input, output)
return
}
-// RejectResourceShareInvitation API operation for AWS Resource Access Manager.
+// ListReplacePermissionAssociationsWork API operation for AWS Resource Access Manager.
//
-// Rejects an invitation to a resource share from another Amazon Web Services
-// account.
+// Retrieves the current status of the asynchronous tasks performed by RAM when
+// you perform the ReplacePermissionAssociationsWork operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation RejectResourceShareInvitation for usage and error information.
+// API operation ListReplacePermissionAssociationsWork for usage and error information.
//
// Returned Error Types:
//
-// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
-//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
-//
-// - ResourceShareInvitationArnNotFoundException
-// The specified Amazon Resource Name (ARN) for an invitation was not found.
-//
-// - ResourceShareInvitationAlreadyAcceptedException
-// The specified invitation was already accepted.
-//
-// - ResourceShareInvitationAlreadyRejectedException
-// The specified invitation was already rejected.
-//
-// - ResourceShareInvitationExpiredException
-// The specified invitation is expired.
-//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// - InvalidClientTokenException
-// The client token is not valid.
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
-// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/RejectResourceShareInvitation
-func (c *RAM) RejectResourceShareInvitation(input *RejectResourceShareInvitationInput) (*RejectResourceShareInvitationOutput, error) {
- req, out := c.RejectResourceShareInvitationRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListReplacePermissionAssociationsWork
+func (c *RAM) ListReplacePermissionAssociationsWork(input *ListReplacePermissionAssociationsWorkInput) (*ListReplacePermissionAssociationsWorkOutput, error) {
+ req, out := c.ListReplacePermissionAssociationsWorkRequest(input)
return out, req.Send()
}
-// RejectResourceShareInvitationWithContext is the same as RejectResourceShareInvitation with the addition of
+// ListReplacePermissionAssociationsWorkWithContext is the same as ListReplacePermissionAssociationsWork with the addition of
// the ability to pass a context and additional request options.
//
-// See RejectResourceShareInvitation for details on how to use this API operation.
+// See ListReplacePermissionAssociationsWork for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) RejectResourceShareInvitationWithContext(ctx aws.Context, input *RejectResourceShareInvitationInput, opts ...request.Option) (*RejectResourceShareInvitationOutput, error) {
- req, out := c.RejectResourceShareInvitationRequest(input)
+func (c *RAM) ListReplacePermissionAssociationsWorkWithContext(ctx aws.Context, input *ListReplacePermissionAssociationsWorkInput, opts ...request.Option) (*ListReplacePermissionAssociationsWorkOutput, error) {
+ req, out := c.ListReplacePermissionAssociationsWorkRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opTagResource = "TagResource"
+// ListReplacePermissionAssociationsWorkPages iterates over the pages of a ListReplacePermissionAssociationsWork operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListReplacePermissionAssociationsWork method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListReplacePermissionAssociationsWork operation.
+// pageNum := 0
+// err := client.ListReplacePermissionAssociationsWorkPages(params,
+// func(page *ram.ListReplacePermissionAssociationsWorkOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *RAM) ListReplacePermissionAssociationsWorkPages(input *ListReplacePermissionAssociationsWorkInput, fn func(*ListReplacePermissionAssociationsWorkOutput, bool) bool) error {
+ return c.ListReplacePermissionAssociationsWorkPagesWithContext(aws.BackgroundContext(), input, fn)
+}
-// TagResourceRequest generates a "aws/request.Request" representing the
-// client's request for the TagResource operation. The "output" return
+// ListReplacePermissionAssociationsWorkPagesWithContext same as ListReplacePermissionAssociationsWorkPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ListReplacePermissionAssociationsWorkPagesWithContext(ctx aws.Context, input *ListReplacePermissionAssociationsWorkInput, fn func(*ListReplacePermissionAssociationsWorkOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListReplacePermissionAssociationsWorkInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListReplacePermissionAssociationsWorkRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListReplacePermissionAssociationsWorkOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListResourceSharePermissions = "ListResourceSharePermissions"
+
+// ListResourceSharePermissionsRequest generates a "aws/request.Request" representing the
+// client's request for the ListResourceSharePermissions operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See TagResource for more information on using the TagResource
+// See ListResourceSharePermissions for more information on using the ListResourceSharePermissions
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the TagResourceRequest method.
-// req, resp := client.TagResourceRequest(params)
+// // Example sending a request using the ListResourceSharePermissionsRequest method.
+// req, resp := client.ListResourceSharePermissionsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource
-func (c *RAM) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions
+func (c *RAM) ListResourceSharePermissionsRequest(input *ListResourceSharePermissionsInput) (req *request.Request, output *ListResourceSharePermissionsOutput) {
op := &request.Operation{
- Name: opTagResource,
+ Name: opListResourceSharePermissions,
HTTPMethod: "POST",
- HTTPPath: "/tagresource",
+ HTTPPath: "/listresourcesharepermissions",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &TagResourceInput{}
+ input = &ListResourceSharePermissionsInput{}
}
- output = &TagResourceOutput{}
+ output = &ListResourceSharePermissionsOutput{}
req = c.newRequest(op, input, output)
- req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// TagResource API operation for AWS Resource Access Manager.
+// ListResourceSharePermissions API operation for AWS Resource Access Manager.
//
-// Adds the specified tag keys and values to the specified resource share. The
-// tags are attached only to the resource share, not to the resources that are
-// in the resource share.
+// Lists the RAM permissions that are associated with a resource share.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation TagResource for usage and error information.
+// API operation ListResourceSharePermissions for usage and error information.
//
// Returned Error Types:
//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
// - UnknownResourceException
-// A specified resource was not found.
-//
-// - TagLimitExceededException
-// This request would exceed the limit for tags for your account.
-//
-// - ResourceArnNotFoundException
-// The specified Amazon Resource Name (ARN) was not found.
+// The operation failed because a specified resource couldn't be found.
//
-// - TagPolicyViolationException
-// The specified tag key is a reserved word and can't be used.
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource
-func (c *RAM) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
- req, out := c.TagResourceRequest(input)
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions
+func (c *RAM) ListResourceSharePermissions(input *ListResourceSharePermissionsInput) (*ListResourceSharePermissionsOutput, error) {
+ req, out := c.ListResourceSharePermissionsRequest(input)
return out, req.Send()
}
-// TagResourceWithContext is the same as TagResource with the addition of
+// ListResourceSharePermissionsWithContext is the same as ListResourceSharePermissions with the addition of
// the ability to pass a context and additional request options.
//
-// See TagResource for details on how to use this API operation.
+// See ListResourceSharePermissions for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
- req, out := c.TagResourceRequest(input)
+func (c *RAM) ListResourceSharePermissionsWithContext(ctx aws.Context, input *ListResourceSharePermissionsInput, opts ...request.Option) (*ListResourceSharePermissionsOutput, error) {
+ req, out := c.ListResourceSharePermissionsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUntagResource = "UntagResource"
-
-// UntagResourceRequest generates a "aws/request.Request" representing the
-// client's request for the UntagResource operation. The "output" return
-// value will be populated with the request's response once the request completes
-// successfully.
+// ListResourceSharePermissionsPages iterates over the pages of a ListResourceSharePermissions operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
//
-// Use "Send" method on the returned Request to send the API call to the service.
-// the "output" return value is not valid until after Send returns without error.
+// See ListResourceSharePermissions method for more information on how to use this operation.
//
-// See UntagResource for more information on using the UntagResource
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListResourceSharePermissions operation.
+// pageNum := 0
+// err := client.ListResourceSharePermissionsPages(params,
+// func(page *ram.ListResourceSharePermissionsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *RAM) ListResourceSharePermissionsPages(input *ListResourceSharePermissionsInput, fn func(*ListResourceSharePermissionsOutput, bool) bool) error {
+ return c.ListResourceSharePermissionsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListResourceSharePermissionsPagesWithContext same as ListResourceSharePermissionsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ListResourceSharePermissionsPagesWithContext(ctx aws.Context, input *ListResourceSharePermissionsInput, fn func(*ListResourceSharePermissionsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListResourceSharePermissionsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListResourceSharePermissionsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListResourceSharePermissionsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListResourceTypes = "ListResourceTypes"
+
+// ListResourceTypesRequest generates a "aws/request.Request" representing the
+// client's request for the ListResourceTypes operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListResourceTypes for more information on using the ListResourceTypes
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UntagResourceRequest method.
-// req, resp := client.UntagResourceRequest(params)
+// // Example sending a request using the ListResourceTypesRequest method.
+// req, resp := client.ListResourceTypesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource
-func (c *RAM) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceTypes
+func (c *RAM) ListResourceTypesRequest(input *ListResourceTypesInput) (req *request.Request, output *ListResourceTypesOutput) {
op := &request.Operation{
- Name: opUntagResource,
+ Name: opListResourceTypes,
HTTPMethod: "POST",
- HTTPPath: "/untagresource",
+ HTTPPath: "/listresourcetypes",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &UntagResourceInput{}
+ input = &ListResourceTypesInput{}
}
- output = &UntagResourceOutput{}
+ output = &ListResourceTypesOutput{}
req = c.newRequest(op, input, output)
- req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
-// UntagResource API operation for AWS Resource Access Manager.
+// ListResourceTypes API operation for AWS Resource Access Manager.
//
-// Removes the specified tag key and value pairs from the specified resource
-// share.
+// Lists the resource types that can be shared by RAM.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation UntagResource for usage and error information.
+// API operation ListResourceTypes for usage and error information.
//
// Returned Error Types:
//
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
+//
// - InvalidParameterException
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource
-func (c *RAM) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
- req, out := c.UntagResourceRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceTypes
+func (c *RAM) ListResourceTypes(input *ListResourceTypesInput) (*ListResourceTypesOutput, error) {
+ req, out := c.ListResourceTypesRequest(input)
return out, req.Send()
}
-// UntagResourceWithContext is the same as UntagResource with the addition of
+// ListResourceTypesWithContext is the same as ListResourceTypes with the addition of
// the ability to pass a context and additional request options.
//
-// See UntagResource for details on how to use this API operation.
+// See ListResourceTypes for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
- req, out := c.UntagResourceRequest(input)
+func (c *RAM) ListResourceTypesWithContext(ctx aws.Context, input *ListResourceTypesInput, opts ...request.Option) (*ListResourceTypesOutput, error) {
+ req, out := c.ListResourceTypesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-const opUpdateResourceShare = "UpdateResourceShare"
+// ListResourceTypesPages iterates over the pages of a ListResourceTypes operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListResourceTypes method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListResourceTypes operation.
+// pageNum := 0
+// err := client.ListResourceTypesPages(params,
+// func(page *ram.ListResourceTypesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *RAM) ListResourceTypesPages(input *ListResourceTypesInput, fn func(*ListResourceTypesOutput, bool) bool) error {
+ return c.ListResourceTypesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
-// UpdateResourceShareRequest generates a "aws/request.Request" representing the
-// client's request for the UpdateResourceShare operation. The "output" return
+// ListResourceTypesPagesWithContext same as ListResourceTypesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ListResourceTypesPagesWithContext(ctx aws.Context, input *ListResourceTypesInput, fn func(*ListResourceTypesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListResourceTypesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListResourceTypesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListResourceTypesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListResources = "ListResources"
+
+// ListResourcesRequest generates a "aws/request.Request" representing the
+// client's request for the ListResources operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
-// See UpdateResourceShare for more information on using the UpdateResourceShare
+// See ListResources for more information on using the ListResources
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
-// // Example sending a request using the UpdateResourceShareRequest method.
-// req, resp := client.UpdateResourceShareRequest(params)
+// // Example sending a request using the ListResourcesRequest method.
+// req, resp := client.ListResourcesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UpdateResourceShare
-func (c *RAM) UpdateResourceShareRequest(input *UpdateResourceShareInput) (req *request.Request, output *UpdateResourceShareOutput) {
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResources
+func (c *RAM) ListResourcesRequest(input *ListResourcesInput) (req *request.Request, output *ListResourcesOutput) {
op := &request.Operation{
- Name: opUpdateResourceShare,
+ Name: opListResources,
HTTPMethod: "POST",
- HTTPPath: "/updateresourceshare",
+ HTTPPath: "/listresources",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
}
if input == nil {
- input = &UpdateResourceShareInput{}
+ input = &ListResourcesInput{}
}
- output = &UpdateResourceShareOutput{}
+ output = &ListResourcesOutput{}
req = c.newRequest(op, input, output)
return
}
-// UpdateResourceShare API operation for AWS Resource Access Manager.
+// ListResources API operation for AWS Resource Access Manager.
//
-// Modifies some of the properties of the specified resource share.
+// Lists the resources that you added to a resource share or the resources that
+// are shared with you.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Resource Access Manager's
-// API operation UpdateResourceShare for usage and error information.
+// API operation ListResources for usage and error information.
//
// Returned Error Types:
//
-// - IdempotentParameterMismatchException
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
-//
-// - MissingRequiredParameterException
-// A required input parameter is missing.
+// - InvalidResourceTypeException
+// The operation failed because the specified resource type isn't valid.
//
// - UnknownResourceException
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
//
// - MalformedArnException
-// The format of an Amazon Resource Name (ARN) is not valid.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
//
-// - InvalidClientTokenException
-// The client token is not valid.
+// - InvalidNextTokenException
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
//
// - InvalidParameterException
-// A parameter is not valid.
-//
-// - OperationNotPermittedException
-// The requested operation is not permitted.
+// The operation failed because a parameter you specified isn't valid.
//
// - ServerInternalException
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
//
// - ServiceUnavailableException
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
//
-// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UpdateResourceShare
-func (c *RAM) UpdateResourceShare(input *UpdateResourceShareInput) (*UpdateResourceShareOutput, error) {
- req, out := c.UpdateResourceShareRequest(input)
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResources
+func (c *RAM) ListResources(input *ListResourcesInput) (*ListResourcesOutput, error) {
+ req, out := c.ListResourcesRequest(input)
return out, req.Send()
}
-// UpdateResourceShareWithContext is the same as UpdateResourceShare with the addition of
+// ListResourcesWithContext is the same as ListResources with the addition of
// the ability to pass a context and additional request options.
//
-// See UpdateResourceShare for details on how to use this API operation.
+// See ListResources for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
-func (c *RAM) UpdateResourceShareWithContext(ctx aws.Context, input *UpdateResourceShareInput, opts ...request.Option) (*UpdateResourceShareOutput, error) {
- req, out := c.UpdateResourceShareRequest(input)
+func (c *RAM) ListResourcesWithContext(ctx aws.Context, input *ListResourcesInput, opts ...request.Option) (*ListResourcesOutput, error) {
+ req, out := c.ListResourcesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
-type AcceptResourceShareInvitationInput struct {
+// ListResourcesPages iterates over the pages of a ListResources operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListResources method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListResources operation.
+// pageNum := 0
+// err := client.ListResourcesPages(params,
+// func(page *ram.ListResourcesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *RAM) ListResourcesPages(input *ListResourcesInput, fn func(*ListResourcesOutput, bool) bool) error {
+ return c.ListResourcesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListResourcesPagesWithContext same as ListResourcesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ListResourcesPagesWithContext(ctx aws.Context, input *ListResourcesInput, fn func(*ListResourcesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListResourcesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListResourcesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListResourcesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opPromotePermissionCreatedFromPolicy = "PromotePermissionCreatedFromPolicy"
+
+// PromotePermissionCreatedFromPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PromotePermissionCreatedFromPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PromotePermissionCreatedFromPolicy for more information on using the PromotePermissionCreatedFromPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the PromotePermissionCreatedFromPolicyRequest method.
+// req, resp := client.PromotePermissionCreatedFromPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromotePermissionCreatedFromPolicy
+func (c *RAM) PromotePermissionCreatedFromPolicyRequest(input *PromotePermissionCreatedFromPolicyInput) (req *request.Request, output *PromotePermissionCreatedFromPolicyOutput) {
+ op := &request.Operation{
+ Name: opPromotePermissionCreatedFromPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/promotepermissioncreatedfrompolicy",
+ }
+
+ if input == nil {
+ input = &PromotePermissionCreatedFromPolicyInput{}
+ }
+
+ output = &PromotePermissionCreatedFromPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// PromotePermissionCreatedFromPolicy API operation for AWS Resource Access Manager.
+//
+// When you attach a resource-based policy to a resource, RAM automatically
+// creates a resource share of featureSet=CREATED_FROM_POLICY with a managed
+// permission that has the same IAM permissions as the original resource-based
+// policy. However, this type of managed permission is visible to only the resource
+// share owner, and the associated resource share can't be modified by using
+// RAM.
+//
+// This operation creates a separate, fully manageable customer managed permission
+// that has the same IAM permissions as the original resource-based policy.
+// You can associate this customer managed permission to any resource shares.
+//
+// Before you use PromoteResourceShareCreatedFromPolicy, you should first run
+// this operation to ensure that you have an appropriate customer managed permission
+// that can be associated with the promoted resource share.
+//
+// - The original CREATED_FROM_POLICY policy isn't deleted, and resource
+// shares using that original policy aren't automatically updated.
+//
+// - You can't modify a CREATED_FROM_POLICY resource share so you can't associate
+// the new customer managed permission by using ReplacePermsissionAssociations.
+// However, if you use PromoteResourceShareCreatedFromPolicy, that operation
+// automatically associates the fully manageable customer managed permission
+// to the newly promoted STANDARD resource share.
+//
+// - After you promote a resource share, if the original CREATED_FROM_POLICY
+// managed permission has no other associations to A resource share, then
+// RAM automatically deletes it.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation PromotePermissionCreatedFromPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MissingRequiredParameterException
+// The operation failed because a required input parameter is missing.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromotePermissionCreatedFromPolicy
+func (c *RAM) PromotePermissionCreatedFromPolicy(input *PromotePermissionCreatedFromPolicyInput) (*PromotePermissionCreatedFromPolicyOutput, error) {
+ req, out := c.PromotePermissionCreatedFromPolicyRequest(input)
+ return out, req.Send()
+}
+
+// PromotePermissionCreatedFromPolicyWithContext is the same as PromotePermissionCreatedFromPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PromotePermissionCreatedFromPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) PromotePermissionCreatedFromPolicyWithContext(ctx aws.Context, input *PromotePermissionCreatedFromPolicyInput, opts ...request.Option) (*PromotePermissionCreatedFromPolicyOutput, error) {
+ req, out := c.PromotePermissionCreatedFromPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opPromoteResourceShareCreatedFromPolicy = "PromoteResourceShareCreatedFromPolicy"
+
+// PromoteResourceShareCreatedFromPolicyRequest generates a "aws/request.Request" representing the
+// client's request for the PromoteResourceShareCreatedFromPolicy operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See PromoteResourceShareCreatedFromPolicy for more information on using the PromoteResourceShareCreatedFromPolicy
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the PromoteResourceShareCreatedFromPolicyRequest method.
+// req, resp := client.PromoteResourceShareCreatedFromPolicyRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromoteResourceShareCreatedFromPolicy
+func (c *RAM) PromoteResourceShareCreatedFromPolicyRequest(input *PromoteResourceShareCreatedFromPolicyInput) (req *request.Request, output *PromoteResourceShareCreatedFromPolicyOutput) {
+ op := &request.Operation{
+ Name: opPromoteResourceShareCreatedFromPolicy,
+ HTTPMethod: "POST",
+ HTTPPath: "/promoteresourcesharecreatedfrompolicy",
+ }
+
+ if input == nil {
+ input = &PromoteResourceShareCreatedFromPolicyInput{}
+ }
+
+ output = &PromoteResourceShareCreatedFromPolicyOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// PromoteResourceShareCreatedFromPolicy API operation for AWS Resource Access Manager.
+//
+// When you attach a resource-based policy to a resource, RAM automatically
+// creates a resource share of featureSet=CREATED_FROM_POLICY with a managed
+// permission that has the same IAM permissions as the original resource-based
+// policy. However, this type of managed permission is visible to only the resource
+// share owner, and the associated resource share can't be modified by using
+// RAM.
+//
+// This operation promotes the resource share to a STANDARD resource share that
+// is fully manageable in RAM. When you promote a resource share, you can then
+// manage the resource share in RAM and it becomes visible to all of the principals
+// you shared it with.
+//
+// Before you perform this operation, you should first run PromotePermissionCreatedFromPolicyto
+// ensure that you have an appropriate customer managed permission that can
+// be associated with this resource share after its is promoted. If this operation
+// can't find a managed permission that exactly matches the existing CREATED_FROM_POLICY
+// permission, then this operation fails.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation PromoteResourceShareCreatedFromPolicy for usage and error information.
+//
+// Returned Error Types:
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - ResourceShareLimitExceededException
+// The operation failed because it would exceed the limit for resource shares
+// for your account. To view the limits for your Amazon Web Services account,
+// see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MissingRequiredParameterException
+// The operation failed because a required input parameter is missing.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidStateTransitionException
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
+//
+// - UnmatchedPolicyPermissionException
+// There isn't an existing managed permission defined in RAM that has the same
+// IAM permissions as the resource-based policy attached to the resource. You
+// should first run PromotePermissionCreatedFromPolicy to create that managed
+// permission.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromoteResourceShareCreatedFromPolicy
+func (c *RAM) PromoteResourceShareCreatedFromPolicy(input *PromoteResourceShareCreatedFromPolicyInput) (*PromoteResourceShareCreatedFromPolicyOutput, error) {
+ req, out := c.PromoteResourceShareCreatedFromPolicyRequest(input)
+ return out, req.Send()
+}
+
+// PromoteResourceShareCreatedFromPolicyWithContext is the same as PromoteResourceShareCreatedFromPolicy with the addition of
+// the ability to pass a context and additional request options.
+//
+// See PromoteResourceShareCreatedFromPolicy for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) PromoteResourceShareCreatedFromPolicyWithContext(ctx aws.Context, input *PromoteResourceShareCreatedFromPolicyInput, opts ...request.Option) (*PromoteResourceShareCreatedFromPolicyOutput, error) {
+ req, out := c.PromoteResourceShareCreatedFromPolicyRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opRejectResourceShareInvitation = "RejectResourceShareInvitation"
+
+// RejectResourceShareInvitationRequest generates a "aws/request.Request" representing the
+// client's request for the RejectResourceShareInvitation operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See RejectResourceShareInvitation for more information on using the RejectResourceShareInvitation
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the RejectResourceShareInvitationRequest method.
+// req, resp := client.RejectResourceShareInvitationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/RejectResourceShareInvitation
+func (c *RAM) RejectResourceShareInvitationRequest(input *RejectResourceShareInvitationInput) (req *request.Request, output *RejectResourceShareInvitationOutput) {
+ op := &request.Operation{
+ Name: opRejectResourceShareInvitation,
+ HTTPMethod: "POST",
+ HTTPPath: "/rejectresourceshareinvitation",
+ }
+
+ if input == nil {
+ input = &RejectResourceShareInvitationInput{}
+ }
+
+ output = &RejectResourceShareInvitationOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// RejectResourceShareInvitation API operation for AWS Resource Access Manager.
+//
+// Rejects an invitation to a resource share from another Amazon Web Services
+// account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation RejectResourceShareInvitation for usage and error information.
+//
+// Returned Error Types:
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - ResourceShareInvitationArnNotFoundException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for an invitation was not found.
+//
+// - ResourceShareInvitationAlreadyAcceptedException
+// The operation failed because the specified invitation was already accepted.
+//
+// - ResourceShareInvitationAlreadyRejectedException
+// The operation failed because the specified invitation was already rejected.
+//
+// - ResourceShareInvitationExpiredException
+// The operation failed because the specified invitation is past its expiration
+// date and time.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/RejectResourceShareInvitation
+func (c *RAM) RejectResourceShareInvitation(input *RejectResourceShareInvitationInput) (*RejectResourceShareInvitationOutput, error) {
+ req, out := c.RejectResourceShareInvitationRequest(input)
+ return out, req.Send()
+}
+
+// RejectResourceShareInvitationWithContext is the same as RejectResourceShareInvitation with the addition of
+// the ability to pass a context and additional request options.
+//
+// See RejectResourceShareInvitation for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) RejectResourceShareInvitationWithContext(ctx aws.Context, input *RejectResourceShareInvitationInput, opts ...request.Option) (*RejectResourceShareInvitationOutput, error) {
+ req, out := c.RejectResourceShareInvitationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opReplacePermissionAssociations = "ReplacePermissionAssociations"
+
+// ReplacePermissionAssociationsRequest generates a "aws/request.Request" representing the
+// client's request for the ReplacePermissionAssociations operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ReplacePermissionAssociations for more information on using the ReplacePermissionAssociations
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ReplacePermissionAssociationsRequest method.
+// req, resp := client.ReplacePermissionAssociationsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ReplacePermissionAssociations
+func (c *RAM) ReplacePermissionAssociationsRequest(input *ReplacePermissionAssociationsInput) (req *request.Request, output *ReplacePermissionAssociationsOutput) {
+ op := &request.Operation{
+ Name: opReplacePermissionAssociations,
+ HTTPMethod: "POST",
+ HTTPPath: "/replacepermissionassociations",
+ }
+
+ if input == nil {
+ input = &ReplacePermissionAssociationsInput{}
+ }
+
+ output = &ReplacePermissionAssociationsOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// ReplacePermissionAssociations API operation for AWS Resource Access Manager.
+//
+// Updates all resource shares that use a managed permission to a different
+// managed permission. This operation always applies the default version of
+// the target managed permission. You can optionally specify that the update
+// applies to only resource shares that currently use a specified version. This
+// enables you to update to the latest version, without changing the which managed
+// permission is used.
+//
+// You can use this operation to update all of your resource shares to use the
+// current default version of the permission by specifying the same value for
+// the fromPermissionArn and toPermissionArn parameters.
+//
+// You can use the optional fromPermissionVersion parameter to update only those
+// resources that use a specified version of the managed permission to the new
+// managed permission.
+//
+// To successfully perform this operation, you must have permission to update
+// the resource-based policy on all affected resource types.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation ReplacePermissionAssociations for usage and error information.
+//
+// Returned Error Types:
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ReplacePermissionAssociations
+func (c *RAM) ReplacePermissionAssociations(input *ReplacePermissionAssociationsInput) (*ReplacePermissionAssociationsOutput, error) {
+ req, out := c.ReplacePermissionAssociationsRequest(input)
+ return out, req.Send()
+}
+
+// ReplacePermissionAssociationsWithContext is the same as ReplacePermissionAssociations with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ReplacePermissionAssociations for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) ReplacePermissionAssociationsWithContext(ctx aws.Context, input *ReplacePermissionAssociationsInput, opts ...request.Option) (*ReplacePermissionAssociationsOutput, error) {
+ req, out := c.ReplacePermissionAssociationsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opSetDefaultPermissionVersion = "SetDefaultPermissionVersion"
+
+// SetDefaultPermissionVersionRequest generates a "aws/request.Request" representing the
+// client's request for the SetDefaultPermissionVersion operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See SetDefaultPermissionVersion for more information on using the SetDefaultPermissionVersion
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the SetDefaultPermissionVersionRequest method.
+// req, resp := client.SetDefaultPermissionVersionRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/SetDefaultPermissionVersion
+func (c *RAM) SetDefaultPermissionVersionRequest(input *SetDefaultPermissionVersionInput) (req *request.Request, output *SetDefaultPermissionVersionOutput) {
+ op := &request.Operation{
+ Name: opSetDefaultPermissionVersion,
+ HTTPMethod: "POST",
+ HTTPPath: "/setdefaultpermissionversion",
+ }
+
+ if input == nil {
+ input = &SetDefaultPermissionVersionInput{}
+ }
+
+ output = &SetDefaultPermissionVersionOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// SetDefaultPermissionVersion API operation for AWS Resource Access Manager.
+//
+// Designates the specified version number as the default version for the specified
+// customer managed permission. New resource shares automatically use this new
+// default permission. Existing resource shares continue to use their original
+// permission version, but you can use ReplacePermissionAssociations to update
+// them.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation SetDefaultPermissionVersion for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/SetDefaultPermissionVersion
+func (c *RAM) SetDefaultPermissionVersion(input *SetDefaultPermissionVersionInput) (*SetDefaultPermissionVersionOutput, error) {
+ req, out := c.SetDefaultPermissionVersionRequest(input)
+ return out, req.Send()
+}
+
+// SetDefaultPermissionVersionWithContext is the same as SetDefaultPermissionVersion with the addition of
+// the ability to pass a context and additional request options.
+//
+// See SetDefaultPermissionVersion for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) SetDefaultPermissionVersionWithContext(ctx aws.Context, input *SetDefaultPermissionVersionInput, opts ...request.Option) (*SetDefaultPermissionVersionOutput, error) {
+ req, out := c.SetDefaultPermissionVersionRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opTagResource = "TagResource"
+
+// TagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the TagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagResource for more information on using the TagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the TagResourceRequest method.
+// req, resp := client.TagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource
+func (c *RAM) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+ op := &request.Operation{
+ Name: opTagResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/tagresource",
+ }
+
+ if input == nil {
+ input = &TagResourceInput{}
+ }
+
+ output = &TagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// TagResource API operation for AWS Resource Access Manager.
+//
+// Adds the specified tag keys and values to a resource share or managed permission.
+// If you choose a resource share, the tags are attached to only the resource
+// share, not to the resources that are in the resource share.
+//
+// The tags on a managed permission are the same for all versions of the managed
+// permission.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation TagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - TagLimitExceededException
+// The operation failed because it would exceed the limit for tags for your
+// Amazon Web Services account.
+//
+// - ResourceArnNotFoundException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// was not found.
+//
+// - TagPolicyViolationException
+// The operation failed because the specified tag key is a reserved word and
+// can't be used.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource
+func (c *RAM) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ return out, req.Send()
+}
+
+// TagResourceWithContext is the same as TagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
+ req, out := c.TagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUntagResource = "UntagResource"
+
+// UntagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagResource for more information on using the UntagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UntagResourceRequest method.
+// req, resp := client.UntagResourceRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource
+func (c *RAM) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+ op := &request.Operation{
+ Name: opUntagResource,
+ HTTPMethod: "POST",
+ HTTPPath: "/untagresource",
+ }
+
+ if input == nil {
+ input = &UntagResourceInput{}
+ }
+
+ output = &UntagResourceOutput{}
+ req = c.newRequest(op, input, output)
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// UntagResource API operation for AWS Resource Access Manager.
+//
+// Removes the specified tag key and value pairs from the specified resource
+// share or managed permission.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation UntagResource for usage and error information.
+//
+// Returned Error Types:
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource
+func (c *RAM) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ return out, req.Send()
+}
+
+// UntagResourceWithContext is the same as UntagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
+ req, out := c.UntagResourceRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opUpdateResourceShare = "UpdateResourceShare"
+
+// UpdateResourceShareRequest generates a "aws/request.Request" representing the
+// client's request for the UpdateResourceShare operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UpdateResourceShare for more information on using the UpdateResourceShare
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the UpdateResourceShareRequest method.
+// req, resp := client.UpdateResourceShareRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UpdateResourceShare
+func (c *RAM) UpdateResourceShareRequest(input *UpdateResourceShareInput) (req *request.Request, output *UpdateResourceShareOutput) {
+ op := &request.Operation{
+ Name: opUpdateResourceShare,
+ HTTPMethod: "POST",
+ HTTPPath: "/updateresourceshare",
+ }
+
+ if input == nil {
+ input = &UpdateResourceShareInput{}
+ }
+
+ output = &UpdateResourceShareOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// UpdateResourceShare API operation for AWS Resource Access Manager.
+//
+// Modifies some of the properties of the specified resource share.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Resource Access Manager's
+// API operation UpdateResourceShare for usage and error information.
+//
+// Returned Error Types:
+//
+// - IdempotentParameterMismatchException
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
+//
+// - MissingRequiredParameterException
+// The operation failed because a required input parameter is missing.
+//
+// - UnknownResourceException
+// The operation failed because a specified resource couldn't be found.
+//
+// - MalformedArnException
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+//
+// - InvalidClientTokenException
+// The operation failed because the specified client token isn't valid.
+//
+// - InvalidParameterException
+// The operation failed because a parameter you specified isn't valid.
+//
+// - OperationNotPermittedException
+// The operation failed because the requested operation isn't permitted.
+//
+// - ServerInternalException
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
+//
+// - ServiceUnavailableException
+// The operation failed because the service isn't available. Try again later.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UpdateResourceShare
+func (c *RAM) UpdateResourceShare(input *UpdateResourceShareInput) (*UpdateResourceShareOutput, error) {
+ req, out := c.UpdateResourceShareRequest(input)
+ return out, req.Send()
+}
+
+// UpdateResourceShareWithContext is the same as UpdateResourceShare with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UpdateResourceShare for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *RAM) UpdateResourceShareWithContext(ctx aws.Context, input *UpdateResourceShareInput, opts ...request.Option) (*UpdateResourceShareOutput, error) {
+ req, out := c.UpdateResourceShareRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+type AcceptResourceShareInvitationInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the invitation that you want to accept.
+ //
+ // ResourceShareInvitationArn is a required field
+ ResourceShareInvitationArn *string `locationName:"resourceShareInvitationArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AcceptResourceShareInvitationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AcceptResourceShareInvitationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AcceptResourceShareInvitationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AcceptResourceShareInvitationInput"}
+ if s.ResourceShareInvitationArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceShareInvitationArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AcceptResourceShareInvitationInput) SetClientToken(v string) *AcceptResourceShareInvitationInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetResourceShareInvitationArn sets the ResourceShareInvitationArn field's value.
+func (s *AcceptResourceShareInvitationInput) SetResourceShareInvitationArn(v string) *AcceptResourceShareInvitationInput {
+ s.ResourceShareInvitationArn = &v
+ return s
+}
+
+type AcceptResourceShareInvitationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // An object that contains information about the specified invitation.
+ ResourceShareInvitation *ResourceShareInvitation `locationName:"resourceShareInvitation" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AcceptResourceShareInvitationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AcceptResourceShareInvitationOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AcceptResourceShareInvitationOutput) SetClientToken(v string) *AcceptResourceShareInvitationOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetResourceShareInvitation sets the ResourceShareInvitation field's value.
+func (s *AcceptResourceShareInvitationOutput) SetResourceShareInvitation(v *ResourceShareInvitation) *AcceptResourceShareInvitationOutput {
+ s.ResourceShareInvitation = v
+ return s
+}
+
+type AssociateResourceShareInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies a list of principals to whom you want to the resource share. This
+ // can be null if you want to add only resources.
+ //
+ // What the principals can do with the resources in the share is determined
+ // by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.
+ //
+ // You can include the following values:
+ //
+ // * An Amazon Web Services account ID, for example: 123456789012
+ //
+ // * An Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
+ //
+ // * An ARN of an organizational unit (OU) in Organizations, for example:
+ // organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
+ //
+ // * An ARN of an IAM role, for example: iam::123456789012:role/rolename
+ //
+ // * An ARN of an IAM user, for example: iam::123456789012user/username
+ //
+ // Not all resource types can be shared with IAM roles and users. For more information,
+ // see Sharing with IAM roles and users (https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types)
+ // in the Resource Access Manager User Guide.
+ Principals []*string `locationName:"principals" type:"list"`
+
+ // Specifies a list of Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resources that you want to share. This can be null if you want to
+ // add only principals.
+ ResourceArns []*string `locationName:"resourceArns" type:"list"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resource share that you want to add principals or resources to.
+ //
+ // ResourceShareArn is a required field
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceShareInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceShareInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssociateResourceShareInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssociateResourceShareInput"}
+ if s.ResourceShareArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AssociateResourceShareInput) SetClientToken(v string) *AssociateResourceShareInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetPrincipals sets the Principals field's value.
+func (s *AssociateResourceShareInput) SetPrincipals(v []*string) *AssociateResourceShareInput {
+ s.Principals = v
+ return s
+}
+
+// SetResourceArns sets the ResourceArns field's value.
+func (s *AssociateResourceShareInput) SetResourceArns(v []*string) *AssociateResourceShareInput {
+ s.ResourceArns = v
+ return s
+}
+
+// SetResourceShareArn sets the ResourceShareArn field's value.
+func (s *AssociateResourceShareInput) SetResourceShareArn(v string) *AssociateResourceShareInput {
+ s.ResourceShareArn = &v
+ return s
+}
+
+type AssociateResourceShareOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // An array of objects that contain information about the associations.
+ ResourceShareAssociations []*ResourceShareAssociation `locationName:"resourceShareAssociations" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceShareOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceShareOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AssociateResourceShareOutput) SetClientToken(v string) *AssociateResourceShareOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetResourceShareAssociations sets the ResourceShareAssociations field's value.
+func (s *AssociateResourceShareOutput) SetResourceShareAssociations(v []*ResourceShareAssociation) *AssociateResourceShareOutput {
+ s.ResourceShareAssociations = v
+ return s
+}
+
+type AssociateResourceSharePermissionInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the RAM permission to associate with the resource share. To find the ARN
+ // for a permission, use either the ListPermissions operation or go to the Permissions
+ // library (https://console.aws.amazon.com/ram/home#Permissions:) page in the
+ // RAM console and then choose the name of the permission. The ARN is displayed
+ // on the detail page.
+ //
+ // PermissionArn is a required field
+ PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
+
+ // Specifies the version of the RAM permission to associate with the resource
+ // share. You can specify only the version that is currently set as the default
+ // version for the permission. If you also set the replace pararameter to true,
+ // then this operation updates an outdated version of the permission to the
+ // current default version.
+ //
+ // You don't need to specify this parameter because the default behavior is
+ // to use the version that is currently set as the default version for the permission.
+ // This parameter is supported for backwards compatibility.
+ PermissionVersion *int64 `locationName:"permissionVersion" type:"integer"`
+
+ // Specifies whether the specified permission should replace the existing permission
+ // associated with the resource share. Use true to replace the current permissions.
+ // Use false to add the permission to a resource share that currently doesn't
+ // have a permission. The default value is false.
+ //
+ // A resource share can have only one permission per resource type. If a resource
+ // share already has a permission for the specified resource type and you don't
+ // set replace to true then the operation returns an error. This helps prevent
+ // accidental overwriting of a permission.
+ Replace *bool `locationName:"replace" type:"boolean"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resource share to which you want to add or replace permissions.
+ //
+ // ResourceShareArn is a required field
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceSharePermissionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceSharePermissionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssociateResourceSharePermissionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssociateResourceSharePermissionInput"}
+ if s.PermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
+ }
+ if s.ResourceShareArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AssociateResourceSharePermissionInput) SetClientToken(v string) *AssociateResourceSharePermissionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *AssociateResourceSharePermissionInput) SetPermissionArn(v string) *AssociateResourceSharePermissionInput {
+ s.PermissionArn = &v
+ return s
+}
+
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *AssociateResourceSharePermissionInput) SetPermissionVersion(v int64) *AssociateResourceSharePermissionInput {
+ s.PermissionVersion = &v
+ return s
+}
+
+// SetReplace sets the Replace field's value.
+func (s *AssociateResourceSharePermissionInput) SetReplace(v bool) *AssociateResourceSharePermissionInput {
+ s.Replace = &v
+ return s
+}
+
+// SetResourceShareArn sets the ResourceShareArn field's value.
+func (s *AssociateResourceSharePermissionInput) SetResourceShareArn(v string) *AssociateResourceSharePermissionInput {
+ s.ResourceShareArn = &v
+ return s
+}
+
+type AssociateResourceSharePermissionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // A return value of true indicates that the request succeeded. A value of false
+ // indicates that the request failed.
+ ReturnValue *bool `locationName:"returnValue" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceSharePermissionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociateResourceSharePermissionOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *AssociateResourceSharePermissionOutput) SetClientToken(v string) *AssociateResourceSharePermissionOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetReturnValue sets the ReturnValue field's value.
+func (s *AssociateResourceSharePermissionOutput) SetReturnValue(v bool) *AssociateResourceSharePermissionOutput {
+ s.ReturnValue = &v
+ return s
+}
+
+// An object that describes a managed permission associated with a resource
+// share.
+type AssociatedPermission struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the associated managed permission.
+ Arn *string `locationName:"arn" type:"string"`
+
+ // Indicates whether the associated resource share is using the default version
+ // of the permission.
+ DefaultVersion *bool `locationName:"defaultVersion" type:"boolean"`
+
+ // Indicates what features are available for this resource share. This parameter
+ // can have one of the following values:
+ //
+ // * STANDARD – A resource share that supports all functionality. These
+ // resource shares are visible to all principals you share the resource share
+ // with. You can modify these resource shares in RAM using the console or
+ // APIs. This resource share might have been created by RAM, or it might
+ // have been CREATED_FROM_POLICY and then promoted.
+ //
+ // * CREATED_FROM_POLICY – The customer manually shared a resource by attaching
+ // a resource-based policy. That policy did not match any existing managed
+ // permissions, so RAM created this customer managed permission automatically
+ // on the customer's behalf based on the attached policy document. This type
+ // of resource share is visible only to the Amazon Web Services account that
+ // created it. You can't modify it in RAM unless you promote it. For more
+ // information, see PromoteResourceShareCreatedFromPolicy.
+ //
+ // * PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
+ // but the customer ran the PromoteResourceShareCreatedFromPolicy and that
+ // operation is still in progress. This value changes to STANDARD when complete.
+ FeatureSet *string `locationName:"featureSet" type:"string" enum:"PermissionFeatureSet"`
+
+ // The date and time when the association between the permission and the resource
+ // share was last updated.
+ LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
+
+ // The version of the permission currently associated with the resource share.
+ PermissionVersion *string `locationName:"permissionVersion" type:"string"`
+
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of a resource share associated with this permission.
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
+
+ // The resource type to which this permission applies.
+ ResourceType *string `locationName:"resourceType" type:"string"`
+
+ // The current status of the association between the permission and the resource
+ // share. The following are the possible values:
+ //
+ // * ATTACHABLE – This permission or version can be associated with resource
+ // shares.
+ //
+ // * UNATTACHABLE – This permission or version can't currently be associated
+ // with resource shares.
+ //
+ // * DELETING – This permission or version is in the process of being deleted.
+ //
+ // * DELETED – This permission or version is deleted.
+ Status *string `locationName:"status" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociatedPermission) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssociatedPermission) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *AssociatedPermission) SetArn(v string) *AssociatedPermission {
+ s.Arn = &v
+ return s
+}
+
+// SetDefaultVersion sets the DefaultVersion field's value.
+func (s *AssociatedPermission) SetDefaultVersion(v bool) *AssociatedPermission {
+ s.DefaultVersion = &v
+ return s
+}
+
+// SetFeatureSet sets the FeatureSet field's value.
+func (s *AssociatedPermission) SetFeatureSet(v string) *AssociatedPermission {
+ s.FeatureSet = &v
+ return s
+}
+
+// SetLastUpdatedTime sets the LastUpdatedTime field's value.
+func (s *AssociatedPermission) SetLastUpdatedTime(v time.Time) *AssociatedPermission {
+ s.LastUpdatedTime = &v
+ return s
+}
+
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *AssociatedPermission) SetPermissionVersion(v string) *AssociatedPermission {
+ s.PermissionVersion = &v
+ return s
+}
+
+// SetResourceShareArn sets the ResourceShareArn field's value.
+func (s *AssociatedPermission) SetResourceShareArn(v string) *AssociatedPermission {
+ s.ResourceShareArn = &v
+ return s
+}
+
+// SetResourceType sets the ResourceType field's value.
+func (s *AssociatedPermission) SetResourceType(v string) *AssociatedPermission {
+ s.ResourceType = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *AssociatedPermission) SetStatus(v string) *AssociatedPermission {
+ s.Status = &v
+ return s
+}
+
+type CreatePermissionInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies the name of the customer managed permission. The name must be unique
+ // within the Amazon Web Services Region.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" min:"1" type:"string" required:"true"`
+
+ // A string in JSON format string that contains the following elements of a
+ // resource-based policy:
+ //
+ // * Effect: must be set to ALLOW.
+ //
+ // * Action: specifies the actions that are allowed by this customer managed
+ // permission. The list must contain only actions that are supported by the
+ // specified resource type. For a list of all actions supported by each resource
+ // type, see Actions, resources, and condition keys for Amazon Web Services
+ // services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
+ // in the Identity and Access Management User Guide.
+ //
+ // * Condition: (optional) specifies conditional parameters that must evaluate
+ // to true when a user attempts an action for that action to be allowed.
+ // For more information about the Condition element, see IAM policies: Condition
+ // element (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html)
+ // in the Identity and Access Management User Guide.
+ //
+ // This template can't include either the Resource or Principal elements. Those
+ // are both filled in by RAM when it instantiates the resource-based policy
+ // on each resource shared using this managed permission. The Resource comes
+ // from the ARN of the specific resource that you are sharing. The Principal
+ // comes from the list of identities added to the resource share.
+ //
+ // PolicyTemplate is a required field
+ PolicyTemplate *string `locationName:"policyTemplate" type:"string" required:"true"`
+
+ // Specifies the name of the resource type that this customer managed permission
+ // applies to.
+ //
+ // The format is : and is not case sensitive. For
+ // example, to specify an Amazon EC2 Subnet, you can use the string ec2:subnet.
+ // To see the list of valid values for this parameter, query the ListResourceTypes
+ // operation.
+ //
+ // ResourceType is a required field
+ ResourceType *string `locationName:"resourceType" type:"string" required:"true"`
+
+ // Specifies a list of one or more tag key and value pairs to attach to the
+ // permission.
+ Tags []*Tag `locationName:"tags" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreatePermissionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreatePermissionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreatePermissionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreatePermissionInput"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 1))
+ }
+ if s.PolicyTemplate == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyTemplate"))
+ }
+ if s.ResourceType == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceType"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreatePermissionInput) SetClientToken(v string) *CreatePermissionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *CreatePermissionInput) SetName(v string) *CreatePermissionInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicyTemplate sets the PolicyTemplate field's value.
+func (s *CreatePermissionInput) SetPolicyTemplate(v string) *CreatePermissionInput {
+ s.PolicyTemplate = &v
+ return s
+}
+
+// SetResourceType sets the ResourceType field's value.
+func (s *CreatePermissionInput) SetResourceType(v string) *CreatePermissionInput {
+ s.ResourceType = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *CreatePermissionInput) SetTags(v []*Tag) *CreatePermissionInput {
+ s.Tags = v
+ return s
+}
+
+type CreatePermissionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // A structure with information about this customer managed permission.
+ Permission *ResourceSharePermissionSummary `locationName:"permission" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreatePermissionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreatePermissionOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *CreatePermissionOutput) SetClientToken(v string) *CreatePermissionOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetPermission sets the Permission field's value.
+func (s *CreatePermissionOutput) SetPermission(v *ResourceSharePermissionSummary) *CreatePermissionOutput {
+ s.Permission = v
+ return s
+}
+
+type CreatePermissionVersionInput struct {
_ struct{} `type:"structure"`
// Specifies a unique, case-sensitive identifier that you provide to ensure
@@ -3183,13 +5148,43 @@ type AcceptResourceShareInvitationInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the invitation that you want to accept.
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the customer managed permission you're creating a new version for.
//
- // ResourceShareInvitationArn is a required field
- ResourceShareInvitationArn *string `locationName:"resourceShareInvitationArn" type:"string" required:"true"`
+ // PermissionArn is a required field
+ PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
+
+ // A string in JSON format string that contains the following elements of a
+ // resource-based policy:
+ //
+ // * Effect: must be set to ALLOW.
+ //
+ // * Action: specifies the actions that are allowed by this customer managed
+ // permission. The list must contain only actions that are supported by the
+ // specified resource type. For a list of all actions supported by each resource
+ // type, see Actions, resources, and condition keys for Amazon Web Services
+ // services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
+ // in the Identity and Access Management User Guide.
+ //
+ // * Condition: (optional) specifies conditional parameters that must evaluate
+ // to true when a user attempts an action for that action to be allowed.
+ // For more information about the Condition element, see IAM policies: Condition
+ // element (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html)
+ // in the Identity and Access Management User Guide.
+ //
+ // This template can't include either the Resource or Principal elements. Those
+ // are both filled in by RAM when it instantiates the resource-based policy
+ // on each resource shared using this managed permission. The Resource comes
+ // from the ARN of the specific resource that you are sharing. The Principal
+ // comes from the list of identities added to the resource share.
+ //
+ // PolicyTemplate is a required field
+ PolicyTemplate *string `locationName:"policyTemplate" type:"string" required:"true"`
}
// String returns the string representation.
@@ -3197,7 +5192,7 @@ type AcceptResourceShareInvitationInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AcceptResourceShareInvitationInput) String() string {
+func (s CreatePermissionVersionInput) String() string {
return awsutil.Prettify(s)
}
@@ -3206,15 +5201,18 @@ func (s AcceptResourceShareInvitationInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AcceptResourceShareInvitationInput) GoString() string {
+func (s CreatePermissionVersionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *AcceptResourceShareInvitationInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "AcceptResourceShareInvitationInput"}
- if s.ResourceShareInvitationArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareInvitationArn"))
+func (s *CreatePermissionVersionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreatePermissionVersionInput"}
+ if s.PermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
+ }
+ if s.PolicyTemplate == nil {
+ invalidParams.Add(request.NewErrParamRequired("PolicyTemplate"))
}
if invalidParams.Len() > 0 {
@@ -3224,18 +5222,24 @@ func (s *AcceptResourceShareInvitationInput) Validate() error {
}
// SetClientToken sets the ClientToken field's value.
-func (s *AcceptResourceShareInvitationInput) SetClientToken(v string) *AcceptResourceShareInvitationInput {
+func (s *CreatePermissionVersionInput) SetClientToken(v string) *CreatePermissionVersionInput {
s.ClientToken = &v
return s
}
-// SetResourceShareInvitationArn sets the ResourceShareInvitationArn field's value.
-func (s *AcceptResourceShareInvitationInput) SetResourceShareInvitationArn(v string) *AcceptResourceShareInvitationInput {
- s.ResourceShareInvitationArn = &v
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *CreatePermissionVersionInput) SetPermissionArn(v string) *CreatePermissionVersionInput {
+ s.PermissionArn = &v
return s
}
-type AcceptResourceShareInvitationOutput struct {
+// SetPolicyTemplate sets the PolicyTemplate field's value.
+func (s *CreatePermissionVersionInput) SetPolicyTemplate(v string) *CreatePermissionVersionInput {
+ s.PolicyTemplate = &v
+ return s
+}
+
+type CreatePermissionVersionOutput struct {
_ struct{} `type:"structure"`
// The idempotency identifier associated with this request. If you want to repeat
@@ -3244,8 +5248,8 @@ type AcceptResourceShareInvitationOutput struct {
// must also have the same values that you used in the first call.
ClientToken *string `locationName:"clientToken" type:"string"`
- // An object that contains information about the specified invitation.
- ResourceShareInvitation *ResourceShareInvitation `locationName:"resourceShareInvitation" type:"structure"`
+ // Information about a RAM managed permission.
+ Permission *ResourceSharePermissionDetail `locationName:"permission" type:"structure"`
}
// String returns the string representation.
@@ -3253,7 +5257,7 @@ type AcceptResourceShareInvitationOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AcceptResourceShareInvitationOutput) String() string {
+func (s CreatePermissionVersionOutput) String() string {
return awsutil.Prettify(s)
}
@@ -3262,25 +5266,32 @@ func (s AcceptResourceShareInvitationOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AcceptResourceShareInvitationOutput) GoString() string {
+func (s CreatePermissionVersionOutput) GoString() string {
return s.String()
}
// SetClientToken sets the ClientToken field's value.
-func (s *AcceptResourceShareInvitationOutput) SetClientToken(v string) *AcceptResourceShareInvitationOutput {
+func (s *CreatePermissionVersionOutput) SetClientToken(v string) *CreatePermissionVersionOutput {
s.ClientToken = &v
return s
}
-// SetResourceShareInvitation sets the ResourceShareInvitation field's value.
-func (s *AcceptResourceShareInvitationOutput) SetResourceShareInvitation(v *ResourceShareInvitation) *AcceptResourceShareInvitationOutput {
- s.ResourceShareInvitation = v
+// SetPermission sets the Permission field's value.
+func (s *CreatePermissionVersionOutput) SetPermission(v *ResourceSharePermissionDetail) *CreatePermissionVersionOutput {
+ s.Permission = v
return s
}
-type AssociateResourceShareInput struct {
+type CreateResourceShareInput struct {
_ struct{} `type:"structure"`
+ // Specifies whether principals outside your organization in Organizations can
+ // be associated with a resource share. A value of true lets you share with
+ // individual Amazon Web Services accounts that are not in your organization.
+ // A value of false only has meaning if your account is a member of an Amazon
+ // Web Services Organization. The default value is true.
+ AllowExternalPrincipals *bool `locationName:"allowExternalPrincipals" type:"boolean"`
+
// Specifies a unique, case-sensitive identifier that you provide to ensure
// the idempotency of the request. This lets you safely retry the request without
// accidentally performing the same operation a second time. Passing the same
@@ -3290,19 +5301,31 @@ type AssociateResourceShareInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
- // Specifies a list of principals to whom you want to the resource share. This
- // can be null if you want to add only resources.
+ // Specifies the name of the resource share.
//
- // What the principals can do with the resources in the share is determined
- // by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.
+ // Name is a required field
+ Name *string `locationName:"name" type:"string" required:"true"`
+
+ // Specifies the Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the RAM permission to associate with the resource share. If you do not
+ // specify an ARN for the permission, RAM automatically attaches the default
+ // version of the permission for each resource type. You can associate only
+ // one permission with each resource type included in the resource share.
+ PermissionArns []*string `locationName:"permissionArns" type:"list"`
+
+ // Specifies a list of one or more principals to associate with the resource
+ // share.
//
// You can include the following values:
//
// * An Amazon Web Services account ID, for example: 123456789012
//
- // * An Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // * An Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
//
// * An ARN of an organizational unit (OU) in Organizations, for example:
@@ -3317,16 +5340,13 @@ type AssociateResourceShareInput struct {
// in the Resource Access Manager User Guide.
Principals []*string `locationName:"principals" type:"list"`
- // Specifies a list of Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resources that you want to share. This can be null if you want to
- // add only principals.
+ // Specifies a list of one or more ARNs of the resources to associate with the
+ // resource share.
ResourceArns []*string `locationName:"resourceArns" type:"list"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource share that you want to add principals or resources to.
- //
- // ResourceShareArn is a required field
- ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+ // Specifies one or more tags to attach to the resource share itself. It doesn't
+ // attach the tags to the resources associated with the resource share.
+ Tags []*Tag `locationName:"tags" type:"list"`
}
// String returns the string representation.
@@ -3334,7 +5354,7 @@ type AssociateResourceShareInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceShareInput) String() string {
+func (s CreateResourceShareInput) String() string {
return awsutil.Prettify(s)
}
@@ -3343,15 +5363,15 @@ func (s AssociateResourceShareInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceShareInput) GoString() string {
+func (s CreateResourceShareInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssociateResourceShareInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "AssociateResourceShareInput"}
- if s.ResourceShareArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
+func (s *CreateResourceShareInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateResourceShareInput"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
}
if invalidParams.Len() > 0 {
@@ -3360,31 +5380,49 @@ func (s *AssociateResourceShareInput) Validate() error {
return nil
}
+// SetAllowExternalPrincipals sets the AllowExternalPrincipals field's value.
+func (s *CreateResourceShareInput) SetAllowExternalPrincipals(v bool) *CreateResourceShareInput {
+ s.AllowExternalPrincipals = &v
+ return s
+}
+
// SetClientToken sets the ClientToken field's value.
-func (s *AssociateResourceShareInput) SetClientToken(v string) *AssociateResourceShareInput {
+func (s *CreateResourceShareInput) SetClientToken(v string) *CreateResourceShareInput {
s.ClientToken = &v
return s
}
+// SetName sets the Name field's value.
+func (s *CreateResourceShareInput) SetName(v string) *CreateResourceShareInput {
+ s.Name = &v
+ return s
+}
+
+// SetPermissionArns sets the PermissionArns field's value.
+func (s *CreateResourceShareInput) SetPermissionArns(v []*string) *CreateResourceShareInput {
+ s.PermissionArns = v
+ return s
+}
+
// SetPrincipals sets the Principals field's value.
-func (s *AssociateResourceShareInput) SetPrincipals(v []*string) *AssociateResourceShareInput {
+func (s *CreateResourceShareInput) SetPrincipals(v []*string) *CreateResourceShareInput {
s.Principals = v
return s
}
// SetResourceArns sets the ResourceArns field's value.
-func (s *AssociateResourceShareInput) SetResourceArns(v []*string) *AssociateResourceShareInput {
+func (s *CreateResourceShareInput) SetResourceArns(v []*string) *CreateResourceShareInput {
s.ResourceArns = v
return s
}
-// SetResourceShareArn sets the ResourceShareArn field's value.
-func (s *AssociateResourceShareInput) SetResourceShareArn(v string) *AssociateResourceShareInput {
- s.ResourceShareArn = &v
+// SetTags sets the Tags field's value.
+func (s *CreateResourceShareInput) SetTags(v []*Tag) *CreateResourceShareInput {
+ s.Tags = v
return s
}
-type AssociateResourceShareOutput struct {
+type CreateResourceShareOutput struct {
_ struct{} `type:"structure"`
// The idempotency identifier associated with this request. If you want to repeat
@@ -3393,8 +5431,8 @@ type AssociateResourceShareOutput struct {
// must also have the same values that you used in the first call.
ClientToken *string `locationName:"clientToken" type:"string"`
- // An array of objects that contain information about the associations.
- ResourceShareAssociations []*ResourceShareAssociation `locationName:"resourceShareAssociations" type:"list"`
+ // An object with information about the new resource share.
+ ResourceShare *ResourceShare `locationName:"resourceShare" type:"structure"`
}
// String returns the string representation.
@@ -3402,7 +5440,7 @@ type AssociateResourceShareOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceShareOutput) String() string {
+func (s CreateResourceShareOutput) String() string {
return awsutil.Prettify(s)
}
@@ -3411,24 +5449,24 @@ func (s AssociateResourceShareOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceShareOutput) GoString() string {
+func (s CreateResourceShareOutput) GoString() string {
return s.String()
}
// SetClientToken sets the ClientToken field's value.
-func (s *AssociateResourceShareOutput) SetClientToken(v string) *AssociateResourceShareOutput {
+func (s *CreateResourceShareOutput) SetClientToken(v string) *CreateResourceShareOutput {
s.ClientToken = &v
return s
}
-// SetResourceShareAssociations sets the ResourceShareAssociations field's value.
-func (s *AssociateResourceShareOutput) SetResourceShareAssociations(v []*ResourceShareAssociation) *AssociateResourceShareOutput {
- s.ResourceShareAssociations = v
+// SetResourceShare sets the ResourceShare field's value.
+func (s *CreateResourceShareOutput) SetResourceShare(v *ResourceShare) *CreateResourceShareOutput {
+ s.ResourceShare = v
return s
}
-type AssociateResourceSharePermissionInput struct {
- _ struct{} `type:"structure"`
+type DeletePermissionInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
// Specifies a unique, case-sensitive identifier that you provide to ensure
// the idempotency of the request. This lets you safely retry the request without
@@ -3439,40 +5477,16 @@ type AssociateResourceSharePermissionInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
- ClientToken *string `locationName:"clientToken" type:"string"`
-
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the RAM permission to associate with the resource share. To find the ARN
- // for a permission, use either the ListPermissions operation or go to the Permissions
- // library (https://console.aws.amazon.com/ram/home#Permissions:) page in the
- // RAM console and then choose the name of the permission. The ARN is displayed
- // on the detail page.
- //
- // PermissionArn is a required field
- PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
-
- // Specifies the version of the RAM permission to associate with the resource
- // share. If you don't specify this parameter, the operation uses the version
- // designated as the default. You can use the ListPermissionVersions operation
- // to discover the available versions of a permission.
- PermissionVersion *int64 `locationName:"permissionVersion" type:"integer"`
-
- // Specifies whether the specified permission should replace or add to the existing
- // permission associated with the resource share. Use true to replace the current
- // permissions. Use false to add the permission to the current permission. The
- // default value is false.
//
- // A resource share can have only one permission per resource type. If a resource
- // share already has a permission for the specified resource type and you don't
- // set replace to true then the operation returns an error. This helps prevent
- // accidental overwriting of a permission.
- Replace *bool `locationName:"replace" type:"boolean"`
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `location:"querystring" locationName:"clientToken" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource share to which you want to add or replace permissions.
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the customer managed permission that you want to delete.
//
- // ResourceShareArn is a required field
- ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+ // PermissionArn is a required field
+ PermissionArn *string `location:"querystring" locationName:"permissionArn" type:"string" required:"true"`
}
// String returns the string representation.
@@ -3480,7 +5494,7 @@ type AssociateResourceSharePermissionInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceSharePermissionInput) String() string {
+func (s DeletePermissionInput) String() string {
return awsutil.Prettify(s)
}
@@ -3489,19 +5503,16 @@ func (s AssociateResourceSharePermissionInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceSharePermissionInput) GoString() string {
+func (s DeletePermissionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *AssociateResourceSharePermissionInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "AssociateResourceSharePermissionInput"}
+func (s *DeletePermissionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeletePermissionInput"}
if s.PermissionArn == nil {
invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
}
- if s.ResourceShareArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
- }
if invalidParams.Len() > 0 {
return invalidParams
@@ -3510,36 +5521,18 @@ func (s *AssociateResourceSharePermissionInput) Validate() error {
}
// SetClientToken sets the ClientToken field's value.
-func (s *AssociateResourceSharePermissionInput) SetClientToken(v string) *AssociateResourceSharePermissionInput {
+func (s *DeletePermissionInput) SetClientToken(v string) *DeletePermissionInput {
s.ClientToken = &v
return s
}
// SetPermissionArn sets the PermissionArn field's value.
-func (s *AssociateResourceSharePermissionInput) SetPermissionArn(v string) *AssociateResourceSharePermissionInput {
+func (s *DeletePermissionInput) SetPermissionArn(v string) *DeletePermissionInput {
s.PermissionArn = &v
return s
}
-// SetPermissionVersion sets the PermissionVersion field's value.
-func (s *AssociateResourceSharePermissionInput) SetPermissionVersion(v int64) *AssociateResourceSharePermissionInput {
- s.PermissionVersion = &v
- return s
-}
-
-// SetReplace sets the Replace field's value.
-func (s *AssociateResourceSharePermissionInput) SetReplace(v bool) *AssociateResourceSharePermissionInput {
- s.Replace = &v
- return s
-}
-
-// SetResourceShareArn sets the ResourceShareArn field's value.
-func (s *AssociateResourceSharePermissionInput) SetResourceShareArn(v string) *AssociateResourceSharePermissionInput {
- s.ResourceShareArn = &v
- return s
-}
-
-type AssociateResourceSharePermissionOutput struct {
+type DeletePermissionOutput struct {
_ struct{} `type:"structure"`
// The idempotency identifier associated with this request. If you want to repeat
@@ -3548,8 +5541,11 @@ type AssociateResourceSharePermissionOutput struct {
// must also have the same values that you used in the first call.
ClientToken *string `locationName:"clientToken" type:"string"`
- // A return value of true indicates that the request succeeded. A value of false
- // indicates that the request failed.
+ // This operation is performed asynchronously, and this response parameter indicates
+ // the current status.
+ PermissionStatus *string `locationName:"permissionStatus" type:"string" enum:"PermissionStatus"`
+
+ // A boolean that indicates whether the delete operations succeeded.
ReturnValue *bool `locationName:"returnValue" type:"boolean"`
}
@@ -3558,7 +5554,7 @@ type AssociateResourceSharePermissionOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceSharePermissionOutput) String() string {
+func (s DeletePermissionOutput) String() string {
return awsutil.Prettify(s)
}
@@ -3567,31 +5563,30 @@ func (s AssociateResourceSharePermissionOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s AssociateResourceSharePermissionOutput) GoString() string {
+func (s DeletePermissionOutput) GoString() string {
return s.String()
}
// SetClientToken sets the ClientToken field's value.
-func (s *AssociateResourceSharePermissionOutput) SetClientToken(v string) *AssociateResourceSharePermissionOutput {
+func (s *DeletePermissionOutput) SetClientToken(v string) *DeletePermissionOutput {
s.ClientToken = &v
return s
}
+// SetPermissionStatus sets the PermissionStatus field's value.
+func (s *DeletePermissionOutput) SetPermissionStatus(v string) *DeletePermissionOutput {
+ s.PermissionStatus = &v
+ return s
+}
+
// SetReturnValue sets the ReturnValue field's value.
-func (s *AssociateResourceSharePermissionOutput) SetReturnValue(v bool) *AssociateResourceSharePermissionOutput {
+func (s *DeletePermissionOutput) SetReturnValue(v bool) *DeletePermissionOutput {
s.ReturnValue = &v
return s
}
-type CreateResourceShareInput struct {
- _ struct{} `type:"structure"`
-
- // Specifies whether principals outside your organization in Organizations can
- // be associated with a resource share. A value of true lets you share with
- // individual Amazon Web Services accounts that are not in your organization.
- // A value of false only has meaning if your account is a member of an Amazon
- // Web Services Organization. The default value is true.
- AllowExternalPrincipals *bool `locationName:"allowExternalPrincipals" type:"boolean"`
+type DeletePermissionVersionInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
// Specifies a unique, case-sensitive identifier that you provide to ensure
// the idempotency of the request. This lets you safely retry the request without
@@ -3602,49 +5597,32 @@ type CreateResourceShareInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
- ClientToken *string `locationName:"clientToken" type:"string"`
-
- // Specifies the name of the resource share.
//
- // Name is a required field
- Name *string `locationName:"name" type:"string" required:"true"`
-
- // Specifies the Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the RAM permission to associate with the resource share. If you do not
- // specify an ARN for the permission, RAM automatically attaches the default
- // version of the permission for each resource type. You can associate only
- // one permission with each resource type included in the resource share.
- PermissionArns []*string `locationName:"permissionArns" type:"list"`
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `location:"querystring" locationName:"clientToken" type:"string"`
- // Specifies a list of one or more principals to associate with the resource
- // share.
- //
- // You can include the following values:
- //
- // * An Amazon Web Services account ID, for example: 123456789012
- //
- // * An Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
- //
- // * An ARN of an organizational unit (OU) in Organizations, for example:
- // organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the permission with the version you want to delete.
//
- // * An ARN of an IAM role, for example: iam::123456789012:role/rolename
- //
- // * An ARN of an IAM user, for example: iam::123456789012user/username
- //
- // Not all resource types can be shared with IAM roles and users. For more information,
- // see Sharing with IAM roles and users (https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types)
- // in the Resource Access Manager User Guide.
- Principals []*string `locationName:"principals" type:"list"`
-
- // Specifies a list of one or more ARNs of the resources to associate with the
- // resource share.
- ResourceArns []*string `locationName:"resourceArns" type:"list"`
+ // PermissionArn is a required field
+ PermissionArn *string `location:"querystring" locationName:"permissionArn" type:"string" required:"true"`
- // Specifies one or more tags to attach to the resource share itself. It doesn't
- // attach the tags to the resources associated with the resource share.
- Tags []*Tag `locationName:"tags" type:"list"`
+ // Specifies the version number to delete.
+ //
+ // You can't delete the default version for a customer managed permission.
+ //
+ // You can't delete a version if it's the only version of the permission. You
+ // must either first create another version, or delete the permission completely.
+ //
+ // You can't delete a version if it is attached to any resource shares. If the
+ // version is the default, you must first use SetDefaultPermissionVersion to
+ // set a different version as the default for the customer managed permission,
+ // and then use AssociateResourceSharePermission to update your resource shares
+ // to use the new default version.
+ //
+ // PermissionVersion is a required field
+ PermissionVersion *int64 `location:"querystring" locationName:"permissionVersion" type:"integer" required:"true"`
}
// String returns the string representation.
@@ -3652,7 +5630,7 @@ type CreateResourceShareInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s CreateResourceShareInput) String() string {
+func (s DeletePermissionVersionInput) String() string {
return awsutil.Prettify(s)
}
@@ -3661,15 +5639,18 @@ func (s CreateResourceShareInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s CreateResourceShareInput) GoString() string {
+func (s DeletePermissionVersionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *CreateResourceShareInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "CreateResourceShareInput"}
- if s.Name == nil {
- invalidParams.Add(request.NewErrParamRequired("Name"))
+func (s *DeletePermissionVersionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DeletePermissionVersionInput"}
+ if s.PermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
+ }
+ if s.PermissionVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionVersion"))
}
if invalidParams.Len() > 0 {
@@ -3678,49 +5659,25 @@ func (s *CreateResourceShareInput) Validate() error {
return nil
}
-// SetAllowExternalPrincipals sets the AllowExternalPrincipals field's value.
-func (s *CreateResourceShareInput) SetAllowExternalPrincipals(v bool) *CreateResourceShareInput {
- s.AllowExternalPrincipals = &v
- return s
-}
-
// SetClientToken sets the ClientToken field's value.
-func (s *CreateResourceShareInput) SetClientToken(v string) *CreateResourceShareInput {
+func (s *DeletePermissionVersionInput) SetClientToken(v string) *DeletePermissionVersionInput {
s.ClientToken = &v
return s
}
-// SetName sets the Name field's value.
-func (s *CreateResourceShareInput) SetName(v string) *CreateResourceShareInput {
- s.Name = &v
- return s
-}
-
-// SetPermissionArns sets the PermissionArns field's value.
-func (s *CreateResourceShareInput) SetPermissionArns(v []*string) *CreateResourceShareInput {
- s.PermissionArns = v
- return s
-}
-
-// SetPrincipals sets the Principals field's value.
-func (s *CreateResourceShareInput) SetPrincipals(v []*string) *CreateResourceShareInput {
- s.Principals = v
- return s
-}
-
-// SetResourceArns sets the ResourceArns field's value.
-func (s *CreateResourceShareInput) SetResourceArns(v []*string) *CreateResourceShareInput {
- s.ResourceArns = v
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *DeletePermissionVersionInput) SetPermissionArn(v string) *DeletePermissionVersionInput {
+ s.PermissionArn = &v
return s
}
-// SetTags sets the Tags field's value.
-func (s *CreateResourceShareInput) SetTags(v []*Tag) *CreateResourceShareInput {
- s.Tags = v
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *DeletePermissionVersionInput) SetPermissionVersion(v int64) *DeletePermissionVersionInput {
+ s.PermissionVersion = &v
return s
}
-type CreateResourceShareOutput struct {
+type DeletePermissionVersionOutput struct {
_ struct{} `type:"structure"`
// The idempotency identifier associated with this request. If you want to repeat
@@ -3729,8 +5686,12 @@ type CreateResourceShareOutput struct {
// must also have the same values that you used in the first call.
ClientToken *string `locationName:"clientToken" type:"string"`
- // An object with information about the new resource share.
- ResourceShare *ResourceShare `locationName:"resourceShare" type:"structure"`
+ // This operation is performed asynchronously, and this response parameter indicates
+ // the current status.
+ PermissionStatus *string `locationName:"permissionStatus" type:"string" enum:"PermissionStatus"`
+
+ // A boolean value that indicates whether the operation is successful.
+ ReturnValue *bool `locationName:"returnValue" type:"boolean"`
}
// String returns the string representation.
@@ -3738,7 +5699,7 @@ type CreateResourceShareOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s CreateResourceShareOutput) String() string {
+func (s DeletePermissionVersionOutput) String() string {
return awsutil.Prettify(s)
}
@@ -3747,19 +5708,25 @@ func (s CreateResourceShareOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s CreateResourceShareOutput) GoString() string {
+func (s DeletePermissionVersionOutput) GoString() string {
return s.String()
}
// SetClientToken sets the ClientToken field's value.
-func (s *CreateResourceShareOutput) SetClientToken(v string) *CreateResourceShareOutput {
+func (s *DeletePermissionVersionOutput) SetClientToken(v string) *DeletePermissionVersionOutput {
s.ClientToken = &v
return s
}
-// SetResourceShare sets the ResourceShare field's value.
-func (s *CreateResourceShareOutput) SetResourceShare(v *ResourceShare) *CreateResourceShareOutput {
- s.ResourceShare = v
+// SetPermissionStatus sets the PermissionStatus field's value.
+func (s *DeletePermissionVersionOutput) SetPermissionStatus(v string) *DeletePermissionVersionOutput {
+ s.PermissionStatus = &v
+ return s
+}
+
+// SetReturnValue sets the ReturnValue field's value.
+func (s *DeletePermissionVersionOutput) SetReturnValue(v bool) *DeletePermissionVersionOutput {
+ s.ReturnValue = &v
return s
}
@@ -3775,9 +5742,12 @@ type DeleteResourceShareInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `location:"querystring" locationName:"clientToken" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share to delete.
//
// ResourceShareArn is a required field
@@ -3883,6 +5853,9 @@ type DisassociateResourceShareInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
// Specifies a list of one or more principals that no longer are to have access
@@ -3892,7 +5865,7 @@ type DisassociateResourceShareInput struct {
//
// * An Amazon Web Services account ID, for example: 123456789012
//
- // * An Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // * An Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
//
// * An ARN of an organizational unit (OU) in Organizations, for example:
@@ -3910,11 +5883,11 @@ type DisassociateResourceShareInput struct {
// Specifies a list of Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// for one or more resources that you want to remove from the resource share.
// After the operation runs, these resources are no longer shared with principals
- // outside of the Amazon Web Services account that created the resources.
+ // associated with the resource share.
ResourceArns []*string `locationName:"resourceArns" type:"list"`
- // Specifies Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource share that you want to remove resources from.
+ // Specifies Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resource share that you want to remove resources or principals from.
//
// ResourceShareArn is a required field
ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
@@ -3984,8 +5957,8 @@ type DisassociateResourceShareOutput struct {
// must also have the same values that you used in the first call.
ClientToken *string `locationName:"clientToken" type:"string"`
- // An array of objects that contain information about the updated associations
- // for this resource share.
+ // An array of objects with information about the updated associations for this
+ // resource share.
ResourceShareAssociations []*ResourceShareAssociation `locationName:"resourceShareAssociations" type:"list"`
}
@@ -4031,17 +6004,20 @@ type DisassociateResourceSharePermissionInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the permission to disassociate from the resource share. Changes to permissions
- // take effect immediately.
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission to disassociate from the resource share. Changes
+ // to permissions take effect immediately.
//
// PermissionArn is a required field
PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource share from which you want to disassociate a permission.
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resource share that you want to remove the managed permission from.
//
// ResourceShareArn is a required field
ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
@@ -4200,7 +6176,7 @@ func (s *EnableSharingWithAwsOrganizationOutput) SetReturnValue(v bool) *EnableS
type GetPermissionInput struct {
_ struct{} `type:"structure"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the permission whose contents you want to retrieve. To find the ARN for
// a permission, use either the ListPermissions operation or go to the Permissions
// library (https://console.aws.amazon.com/ram/home#Permissions:) page in the
@@ -4210,8 +6186,10 @@ type GetPermissionInput struct {
// PermissionArn is a required field
PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
- // Specifies identifier for the version of the RAM permission to retrieve. If
- // you don't specify this parameter, the operation retrieves the default version.
+ // Specifies the version number of the RAM permission to retrieve. If you don't
+ // specify this parameter, the operation retrieves the default version.
+ //
+ // To see the list of available versions, use ListPermissionVersions.
PermissionVersion *int64 `locationName:"permissionVersion" type:"integer"`
}
@@ -4261,7 +6239,7 @@ func (s *GetPermissionInput) SetPermissionVersion(v int64) *GetPermissionInput {
type GetPermissionOutput struct {
_ struct{} `type:"structure"`
- // An object that contains information about the permission.
+ // An object with details about the permission.
Permission *ResourceSharePermissionDetail `locationName:"permission" type:"structure"`
}
@@ -4425,17 +6403,15 @@ func (s *GetResourcePoliciesOutput) SetPolicies(v []*string) *GetResourcePolicie
type GetResourceShareAssociationsInput struct {
_ struct{} `type:"structure"`
- // Specifies that you want to retrieve only associations with this status.
+ // Specifies that you want to retrieve only associations that have this status.
AssociationStatus *string `locationName:"associationStatus" type:"string" enum:"ResourceShareAssociationStatus"`
// Specifies whether you want to retrieve the associations that involve a specified
// resource or principal.
//
- // * PRINCIPAL – list the principals that are associated with the specified
- // resource share.
+ // * PRINCIPAL – list the principals whose associations you want to see.
//
- // * RESOURCE – list the resources that are associated with the specified
- // resource share.
+ // * RESOURCE – list the resources whose associations you want to see.
//
// AssociationType is a required field
AssociationType *string `locationName:"associationType" type:"string" required:"true" enum:"ResourceShareAssociationType"`
@@ -4460,14 +6436,14 @@ type GetResourceShareAssociationsInput struct {
// Specifies the ID of the principal whose resource shares you want to retrieve.
// This can be an Amazon Web Services account ID, an organization ID, an organizational
- // unit ID, or the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // unit ID, or the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an individual IAM user or role.
//
// You cannot specify this parameter if the association type is RESOURCE.
Principal *string `locationName:"principal" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource whose resource shares you want to retrieve.
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of a resource whose resource shares you want to retrieve.
//
// You cannot specify this parameter if the association type is PRINCIPAL.
ResourceArn *string `locationName:"resourceArn" type:"string"`
@@ -4752,9 +6728,13 @@ type GetResourceSharesInput struct {
NextToken *string `locationName:"nextToken" type:"string"`
// Specifies that you want to retrieve details of only those resource shares
- // that use the RAM permission with this Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // that use the managed permission with this Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
PermissionArn *string `locationName:"permissionArn" type:"string"`
+ // Specifies that you want to retrieve details for only those resource shares
+ // that use the specified version of the managed permission.
+ PermissionVersion *int64 `locationName:"permissionVersion" type:"integer"`
+
// Specifies that you want to retrieve details of only those resource shares
// that match the following:
//
@@ -4837,6 +6817,12 @@ func (s *GetResourceSharesInput) SetPermissionArn(v string) *GetResourceSharesIn
return s
}
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *GetResourceSharesInput) SetPermissionVersion(v int64) *GetResourceSharesInput {
+ s.PermissionVersion = &v
+ return s
+}
+
// SetResourceOwner sets the ResourceOwner field's value.
func (s *GetResourceSharesInput) SetResourceOwner(v string) *GetResourceSharesInput {
s.ResourceOwner = &v
@@ -4905,9 +6891,9 @@ func (s *GetResourceSharesOutput) SetResourceShares(v []*ResourceShare) *GetReso
return s
}
-// The client token input parameter was matched one used with a previous call
-// to the operation, but at least one of the other input parameters is different
-// from the previous call.
+// The operation failed because the client token input parameter matched one
+// that was used with a previous call to the operation, but at least one of
+// the other input parameters is different from the previous call.
type IdempotentParameterMismatchException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -4971,7 +6957,7 @@ func (s *IdempotentParameterMismatchException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The client token is not valid.
+// The operation failed because the specified client token isn't valid.
type InvalidClientTokenException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5035,7 +7021,7 @@ func (s *InvalidClientTokenException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified value for MaxResults is not valid.
+// The operation failed because the specified value for MaxResults isn't valid.
type InvalidMaxResultsException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5099,7 +7085,9 @@ func (s *InvalidMaxResultsException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified value for NextToken is not valid.
+// The operation failed because the specified value for NextToken isn't valid.
+// You must specify a value you received in the NextToken response of a previous
+// call to this operation.
type InvalidNextTokenException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5163,7 +7151,7 @@ func (s *InvalidNextTokenException) RequestID() string {
return s.RespMetadata.RequestID
}
-// A parameter is not valid.
+// The operation failed because a parameter you specified isn't valid.
type InvalidParameterException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5227,7 +7215,71 @@ func (s *InvalidParameterException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified resource type is not valid.
+// The operation failed because a policy you specified isn't valid.
+type InvalidPolicyException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidPolicyException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidPolicyException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidPolicyException(v protocol.ResponseMetadata) error {
+ return &InvalidPolicyException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidPolicyException) Code() string {
+ return "InvalidPolicyException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidPolicyException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidPolicyException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidPolicyException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidPolicyException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidPolicyException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The operation failed because the specified resource type isn't valid.
type InvalidResourceTypeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5291,7 +7343,8 @@ func (s *InvalidResourceTypeException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The requested state transition is not valid.
+// The operation failed because the requested operation isn't valid for the
+// resource share in its current state.
type InvalidStateTransitionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -5341,23 +7394,184 @@ func (s *InvalidStateTransitionException) OrigErr() error {
return nil
}
-func (s *InvalidStateTransitionException) Error() string {
- return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+func (s *InvalidStateTransitionException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidStateTransitionException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidStateTransitionException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type ListPendingInvitationResourcesInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies the total number of results that you want included on each page
+ // of the response. If you do not include this parameter, it defaults to a value
+ // that is specific to the operation. If additional items exist beyond the number
+ // you specify, the NextToken response element is returned with a value (not
+ // null). Include the specified value as the NextToken request parameter in
+ // the next call to the operation to get the next part of the results. Note
+ // that the service might return fewer results than the maximum even when there
+ // are more results available. You should check NextToken after every operation
+ // to ensure that you receive all of the results.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // Specifies that you want to receive the next page of results. Valid only if
+ // you received a NextToken response in the previous request. If you did, it
+ // indicates that more output is available. Set this parameter to the value
+ // provided by the previous call's NextToken response to request the next page
+ // of results.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Specifies that you want the results to include only resources that have the
+ // specified scope.
+ //
+ // * ALL – the results include both global and regional resources or resource
+ // types.
+ //
+ // * GLOBAL – the results include only global resources or resource types.
+ //
+ // * REGIONAL – the results include only regional resources or resource
+ // types.
+ //
+ // The default value is ALL.
+ ResourceRegionScope *string `locationName:"resourceRegionScope" type:"string" enum:"ResourceRegionScopeFilter"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the invitation. You can use GetResourceShareInvitations to find the ARN
+ // of the invitation.
+ //
+ // ResourceShareInvitationArn is a required field
+ ResourceShareInvitationArn *string `locationName:"resourceShareInvitationArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPendingInvitationResourcesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPendingInvitationResourcesInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListPendingInvitationResourcesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListPendingInvitationResourcesInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+ if s.ResourceShareInvitationArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ResourceShareInvitationArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListPendingInvitationResourcesInput) SetMaxResults(v int64) *ListPendingInvitationResourcesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListPendingInvitationResourcesInput) SetNextToken(v string) *ListPendingInvitationResourcesInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetResourceRegionScope sets the ResourceRegionScope field's value.
+func (s *ListPendingInvitationResourcesInput) SetResourceRegionScope(v string) *ListPendingInvitationResourcesInput {
+ s.ResourceRegionScope = &v
+ return s
+}
+
+// SetResourceShareInvitationArn sets the ResourceShareInvitationArn field's value.
+func (s *ListPendingInvitationResourcesInput) SetResourceShareInvitationArn(v string) *ListPendingInvitationResourcesInput {
+ s.ResourceShareInvitationArn = &v
+ return s
+}
+
+type ListPendingInvitationResourcesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If present, this value indicates that more output is available than is included
+ // in the current response. Use this value in the NextToken request parameter
+ // in a subsequent call to the operation to get the next part of the output.
+ // You should repeat this until the NextToken response element comes back as
+ // null. This indicates that this is the last page of results.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // An array of objects that contain the information about the resources included
+ // the specified resource share.
+ Resources []*Resource `locationName:"resources" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPendingInvitationResourcesOutput) String() string {
+ return awsutil.Prettify(s)
}
-// Status code returns the HTTP status code for the request's response error.
-func (s *InvalidStateTransitionException) StatusCode() int {
- return s.RespMetadata.StatusCode
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPendingInvitationResourcesOutput) GoString() string {
+ return s.String()
}
-// RequestID returns the service's response RequestID for request.
-func (s *InvalidStateTransitionException) RequestID() string {
- return s.RespMetadata.RequestID
+// SetNextToken sets the NextToken field's value.
+func (s *ListPendingInvitationResourcesOutput) SetNextToken(v string) *ListPendingInvitationResourcesOutput {
+ s.NextToken = &v
+ return s
}
-type ListPendingInvitationResourcesInput struct {
+// SetResources sets the Resources field's value.
+func (s *ListPendingInvitationResourcesOutput) SetResources(v []*Resource) *ListPendingInvitationResourcesOutput {
+ s.Resources = v
+ return s
+}
+
+type ListPermissionAssociationsInput struct {
_ struct{} `type:"structure"`
+ // Specifies that you want to list only those associations with resource shares
+ // that match this status.
+ AssociationStatus *string `locationName:"associationStatus" type:"string" enum:"ResourceShareAssociationStatus"`
+
+ // When true, specifies that you want to list only those associations with resource
+ // shares that use the default version of the specified managed permission.
+ //
+ // When false (the default value), lists associations with resource shares that
+ // use any version of the specified managed permission.
+ DefaultVersion *bool `locationName:"defaultVersion" type:"boolean"`
+
+ // Specifies that you want to list only those associations with resource shares
+ // that have a featureSet with this value.
+ FeatureSet *string `locationName:"featureSet" type:"string" enum:"PermissionFeatureSet"`
+
// Specifies the total number of results that you want included on each page
// of the response. If you do not include this parameter, it defaults to a value
// that is specific to the operation. If additional items exist beyond the number
@@ -5376,26 +7590,19 @@ type ListPendingInvitationResourcesInput struct {
// of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // Specifies that you want the results to include only resources that have the
- // specified scope.
- //
- // * ALL – the results include both global and regional resources or resource
- // types.
- //
- // * GLOBAL – the results include only global resources or resource types.
- //
- // * REGIONAL – the results include only regional resources or resource
- // types.
- //
- // The default value is ALL.
- ResourceRegionScope *string `locationName:"resourceRegionScope" type:"string" enum:"ResourceRegionScopeFilter"`
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission.
+ PermissionArn *string `locationName:"permissionArn" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the invitation. You can use GetResourceShareInvitations to find the ARN
- // of the invitation.
- //
- // ResourceShareInvitationArn is a required field
- ResourceShareInvitationArn *string `locationName:"resourceShareInvitationArn" type:"string" required:"true"`
+ // Specifies that you want to list only those associations with resource shares
+ // that use this version of the managed permission. If you don't provide a value
+ // for this parameter, then the operation returns information about associations
+ // with resource shares that use any version of the managed permission.
+ PermissionVersion *int64 `locationName:"permissionVersion" type:"integer"`
+
+ // Specifies that you want to list only those associations with resource shares
+ // that include at least one resource of this resource type.
+ ResourceType *string `locationName:"resourceType" type:"string"`
}
// String returns the string representation.
@@ -5403,7 +7610,7 @@ type ListPendingInvitationResourcesInput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPendingInvitationResourcesInput) String() string {
+func (s ListPermissionAssociationsInput) String() string {
return awsutil.Prettify(s)
}
@@ -5412,19 +7619,16 @@ func (s ListPendingInvitationResourcesInput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPendingInvitationResourcesInput) GoString() string {
+func (s ListPermissionAssociationsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *ListPendingInvitationResourcesInput) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "ListPendingInvitationResourcesInput"}
+func (s *ListPermissionAssociationsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListPermissionAssociationsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
- if s.ResourceShareInvitationArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareInvitationArn"))
- }
if invalidParams.Len() > 0 {
return invalidParams
@@ -5432,31 +7636,55 @@ func (s *ListPendingInvitationResourcesInput) Validate() error {
return nil
}
+// SetAssociationStatus sets the AssociationStatus field's value.
+func (s *ListPermissionAssociationsInput) SetAssociationStatus(v string) *ListPermissionAssociationsInput {
+ s.AssociationStatus = &v
+ return s
+}
+
+// SetDefaultVersion sets the DefaultVersion field's value.
+func (s *ListPermissionAssociationsInput) SetDefaultVersion(v bool) *ListPermissionAssociationsInput {
+ s.DefaultVersion = &v
+ return s
+}
+
+// SetFeatureSet sets the FeatureSet field's value.
+func (s *ListPermissionAssociationsInput) SetFeatureSet(v string) *ListPermissionAssociationsInput {
+ s.FeatureSet = &v
+ return s
+}
+
// SetMaxResults sets the MaxResults field's value.
-func (s *ListPendingInvitationResourcesInput) SetMaxResults(v int64) *ListPendingInvitationResourcesInput {
+func (s *ListPermissionAssociationsInput) SetMaxResults(v int64) *ListPermissionAssociationsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
-func (s *ListPendingInvitationResourcesInput) SetNextToken(v string) *ListPendingInvitationResourcesInput {
+func (s *ListPermissionAssociationsInput) SetNextToken(v string) *ListPermissionAssociationsInput {
s.NextToken = &v
return s
}
-// SetResourceRegionScope sets the ResourceRegionScope field's value.
-func (s *ListPendingInvitationResourcesInput) SetResourceRegionScope(v string) *ListPendingInvitationResourcesInput {
- s.ResourceRegionScope = &v
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *ListPermissionAssociationsInput) SetPermissionArn(v string) *ListPermissionAssociationsInput {
+ s.PermissionArn = &v
return s
}
-// SetResourceShareInvitationArn sets the ResourceShareInvitationArn field's value.
-func (s *ListPendingInvitationResourcesInput) SetResourceShareInvitationArn(v string) *ListPendingInvitationResourcesInput {
- s.ResourceShareInvitationArn = &v
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *ListPermissionAssociationsInput) SetPermissionVersion(v int64) *ListPermissionAssociationsInput {
+ s.PermissionVersion = &v
return s
}
-type ListPendingInvitationResourcesOutput struct {
+// SetResourceType sets the ResourceType field's value.
+func (s *ListPermissionAssociationsInput) SetResourceType(v string) *ListPermissionAssociationsInput {
+ s.ResourceType = &v
+ return s
+}
+
+type ListPermissionAssociationsOutput struct {
_ struct{} `type:"structure"`
// If present, this value indicates that more output is available than is included
@@ -5466,9 +7694,8 @@ type ListPendingInvitationResourcesOutput struct {
// null. This indicates that this is the last page of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // An array of objects that contain the information about the resources included
- // the specified resource share.
- Resources []*Resource `locationName:"resources" type:"list"`
+ // A structure with information about this customer managed permission.
+ Permissions []*AssociatedPermission `locationName:"permissions" type:"list"`
}
// String returns the string representation.
@@ -5476,7 +7703,7 @@ type ListPendingInvitationResourcesOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPendingInvitationResourcesOutput) String() string {
+func (s ListPermissionAssociationsOutput) String() string {
return awsutil.Prettify(s)
}
@@ -5485,19 +7712,19 @@ func (s ListPendingInvitationResourcesOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPendingInvitationResourcesOutput) GoString() string {
+func (s ListPermissionAssociationsOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
-func (s *ListPendingInvitationResourcesOutput) SetNextToken(v string) *ListPendingInvitationResourcesOutput {
+func (s *ListPermissionAssociationsOutput) SetNextToken(v string) *ListPermissionAssociationsOutput {
s.NextToken = &v
return s
}
-// SetResources sets the Resources field's value.
-func (s *ListPendingInvitationResourcesOutput) SetResources(v []*Resource) *ListPendingInvitationResourcesOutput {
- s.Resources = v
+// SetPermissions sets the Permissions field's value.
+func (s *ListPermissionAssociationsOutput) SetPermissions(v []*AssociatedPermission) *ListPermissionAssociationsOutput {
+ s.Permissions = v
return s
}
@@ -5522,7 +7749,7 @@ type ListPermissionVersionsInput struct {
// of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the RAM permission whose versions you want to list. You can use the permissionVersion
// parameter on the AssociateResourceSharePermission operation to specify a
// non-default version to attach.
@@ -5648,9 +7875,23 @@ type ListPermissionsInput struct {
// of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // Specifies that you want to list permissions for only the specified resource
- // type. For example, to list only permissions that apply to EC2 subnets, specify
- // ec2:Subnet. You can use the ListResourceTypes operation to get the specific
+ // Specifies that you want to list only permissions of this type:
+ //
+ // * AWS – returns only Amazon Web Services managed permissions.
+ //
+ // * LOCAL – returns only customer managed permissions
+ //
+ // * ALL – returns both Amazon Web Services managed permissions and customer
+ // managed permissions.
+ //
+ // If you don't specify this parameter, the default is All.
+ PermissionType *string `locationName:"permissionType" type:"string" enum:"PermissionTypeFilter"`
+
+ // Specifies that you want to list only those permissions that apply to the
+ // specified resource type. This parameter is not case sensitive.
+ //
+ // For example, to list only permissions that apply to Amazon EC2 subnets, specify
+ // ec2:subnet. You can use the ListResourceTypes operation to get the specific
// string required.
ResourceType *string `locationName:"resourceType" type:"string"`
}
@@ -5698,6 +7939,12 @@ func (s *ListPermissionsInput) SetNextToken(v string) *ListPermissionsInput {
return s
}
+// SetPermissionType sets the PermissionType field's value.
+func (s *ListPermissionsInput) SetPermissionType(v string) *ListPermissionsInput {
+ s.PermissionType = &v
+ return s
+}
+
// SetResourceType sets the ResourceType field's value.
func (s *ListPermissionsInput) SetResourceType(v string) *ListPermissionsInput {
s.ResourceType = &v
@@ -5775,7 +8022,7 @@ type ListPrincipalsInput struct {
//
// * An Amazon Web Services account ID, for example: 123456789012
//
- // * An Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // * An Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
//
// * An ARN of an organizational unit (OU) in Organizations, for example:
@@ -5791,7 +8038,7 @@ type ListPrincipalsInput struct {
Principals []*string `locationName:"principals" type:"list"`
// Specifies that you want to list principal information for the resource share
- // with the specified Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
+ // with the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
ResourceArn *string `locationName:"resourceArn" type:"string"`
// Specifies that you want to list information for only resource shares that
@@ -5851,48 +8098,177 @@ func (s *ListPrincipalsInput) Validate() error {
}
// SetMaxResults sets the MaxResults field's value.
-func (s *ListPrincipalsInput) SetMaxResults(v int64) *ListPrincipalsInput {
+func (s *ListPrincipalsInput) SetMaxResults(v int64) *ListPrincipalsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListPrincipalsInput) SetNextToken(v string) *ListPrincipalsInput {
+ s.NextToken = &v
+ return s
+}
+
+// SetPrincipals sets the Principals field's value.
+func (s *ListPrincipalsInput) SetPrincipals(v []*string) *ListPrincipalsInput {
+ s.Principals = v
+ return s
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *ListPrincipalsInput) SetResourceArn(v string) *ListPrincipalsInput {
+ s.ResourceArn = &v
+ return s
+}
+
+// SetResourceOwner sets the ResourceOwner field's value.
+func (s *ListPrincipalsInput) SetResourceOwner(v string) *ListPrincipalsInput {
+ s.ResourceOwner = &v
+ return s
+}
+
+// SetResourceShareArns sets the ResourceShareArns field's value.
+func (s *ListPrincipalsInput) SetResourceShareArns(v []*string) *ListPrincipalsInput {
+ s.ResourceShareArns = v
+ return s
+}
+
+// SetResourceType sets the ResourceType field's value.
+func (s *ListPrincipalsInput) SetResourceType(v string) *ListPrincipalsInput {
+ s.ResourceType = &v
+ return s
+}
+
+type ListPrincipalsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If present, this value indicates that more output is available than is included
+ // in the current response. Use this value in the NextToken request parameter
+ // in a subsequent call to the operation to get the next part of the output.
+ // You should repeat this until the NextToken response element comes back as
+ // null. This indicates that this is the last page of results.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // An array of objects that contain the details about the principals.
+ Principals []*Principal `locationName:"principals" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPrincipalsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListPrincipalsOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListPrincipalsOutput) SetNextToken(v string) *ListPrincipalsOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetPrincipals sets the Principals field's value.
+func (s *ListPrincipalsOutput) SetPrincipals(v []*Principal) *ListPrincipalsOutput {
+ s.Principals = v
+ return s
+}
+
+type ListReplacePermissionAssociationsWorkInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies the total number of results that you want included on each page
+ // of the response. If you do not include this parameter, it defaults to a value
+ // that is specific to the operation. If additional items exist beyond the number
+ // you specify, the NextToken response element is returned with a value (not
+ // null). Include the specified value as the NextToken request parameter in
+ // the next call to the operation to get the next part of the results. Note
+ // that the service might return fewer results than the maximum even when there
+ // are more results available. You should check NextToken after every operation
+ // to ensure that you receive all of the results.
+ MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`
+
+ // Specifies that you want to receive the next page of results. Valid only if
+ // you received a NextToken response in the previous request. If you did, it
+ // indicates that more output is available. Set this parameter to the value
+ // provided by the previous call's NextToken response to request the next page
+ // of results.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // Specifies that you want to see only the details about requests with a status
+ // that matches this value.
+ Status *string `locationName:"status" type:"string" enum:"ReplacePermissionAssociationsWorkStatus"`
+
+ // A list of IDs. These values come from the idfield of the replacePermissionAssociationsWorkstructure
+ // returned by the ReplacePermissionAssociations operation.
+ WorkIds []*string `locationName:"workIds" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListReplacePermissionAssociationsWorkInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListReplacePermissionAssociationsWorkInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListReplacePermissionAssociationsWorkInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListReplacePermissionAssociationsWorkInput"}
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListReplacePermissionAssociationsWorkInput) SetMaxResults(v int64) *ListReplacePermissionAssociationsWorkInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
-func (s *ListPrincipalsInput) SetNextToken(v string) *ListPrincipalsInput {
+func (s *ListReplacePermissionAssociationsWorkInput) SetNextToken(v string) *ListReplacePermissionAssociationsWorkInput {
s.NextToken = &v
return s
}
-// SetPrincipals sets the Principals field's value.
-func (s *ListPrincipalsInput) SetPrincipals(v []*string) *ListPrincipalsInput {
- s.Principals = v
- return s
-}
-
-// SetResourceArn sets the ResourceArn field's value.
-func (s *ListPrincipalsInput) SetResourceArn(v string) *ListPrincipalsInput {
- s.ResourceArn = &v
- return s
-}
-
-// SetResourceOwner sets the ResourceOwner field's value.
-func (s *ListPrincipalsInput) SetResourceOwner(v string) *ListPrincipalsInput {
- s.ResourceOwner = &v
- return s
-}
-
-// SetResourceShareArns sets the ResourceShareArns field's value.
-func (s *ListPrincipalsInput) SetResourceShareArns(v []*string) *ListPrincipalsInput {
- s.ResourceShareArns = v
+// SetStatus sets the Status field's value.
+func (s *ListReplacePermissionAssociationsWorkInput) SetStatus(v string) *ListReplacePermissionAssociationsWorkInput {
+ s.Status = &v
return s
}
-// SetResourceType sets the ResourceType field's value.
-func (s *ListPrincipalsInput) SetResourceType(v string) *ListPrincipalsInput {
- s.ResourceType = &v
+// SetWorkIds sets the WorkIds field's value.
+func (s *ListReplacePermissionAssociationsWorkInput) SetWorkIds(v []*string) *ListReplacePermissionAssociationsWorkInput {
+ s.WorkIds = v
return s
}
-type ListPrincipalsOutput struct {
+type ListReplacePermissionAssociationsWorkOutput struct {
_ struct{} `type:"structure"`
// If present, this value indicates that more output is available than is included
@@ -5902,8 +8278,8 @@ type ListPrincipalsOutput struct {
// null. This indicates that this is the last page of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // An array of objects that contain the details about the principals.
- Principals []*Principal `locationName:"principals" type:"list"`
+ // An array of data structures that provide details of the matching work IDs.
+ ReplacePermissionAssociationsWorks []*ReplacePermissionAssociationsWork `locationName:"replacePermissionAssociationsWorks" type:"list"`
}
// String returns the string representation.
@@ -5911,7 +8287,7 @@ type ListPrincipalsOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPrincipalsOutput) String() string {
+func (s ListReplacePermissionAssociationsWorkOutput) String() string {
return awsutil.Prettify(s)
}
@@ -5920,19 +8296,19 @@ func (s ListPrincipalsOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListPrincipalsOutput) GoString() string {
+func (s ListReplacePermissionAssociationsWorkOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
-func (s *ListPrincipalsOutput) SetNextToken(v string) *ListPrincipalsOutput {
+func (s *ListReplacePermissionAssociationsWorkOutput) SetNextToken(v string) *ListReplacePermissionAssociationsWorkOutput {
s.NextToken = &v
return s
}
-// SetPrincipals sets the Principals field's value.
-func (s *ListPrincipalsOutput) SetPrincipals(v []*Principal) *ListPrincipalsOutput {
- s.Principals = v
+// SetReplacePermissionAssociationsWorks sets the ReplacePermissionAssociationsWorks field's value.
+func (s *ListReplacePermissionAssociationsWorkOutput) SetReplacePermissionAssociationsWorks(v []*ReplacePermissionAssociationsWork) *ListReplacePermissionAssociationsWorkOutput {
+ s.ReplacePermissionAssociationsWorks = v
return s
}
@@ -5957,7 +8333,7 @@ type ListResourceSharePermissionsInput struct {
// of results.
NextToken *string `locationName:"nextToken" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share for which you want to retrieve the associated permissions.
//
// ResourceShareArn is a required field
@@ -6318,36 +8694,268 @@ func (s *ListResourcesInput) SetResourceOwner(v string) *ListResourcesInput {
return s
}
-// SetResourceRegionScope sets the ResourceRegionScope field's value.
-func (s *ListResourcesInput) SetResourceRegionScope(v string) *ListResourcesInput {
- s.ResourceRegionScope = &v
- return s
+// SetResourceRegionScope sets the ResourceRegionScope field's value.
+func (s *ListResourcesInput) SetResourceRegionScope(v string) *ListResourcesInput {
+ s.ResourceRegionScope = &v
+ return s
+}
+
+// SetResourceShareArns sets the ResourceShareArns field's value.
+func (s *ListResourcesInput) SetResourceShareArns(v []*string) *ListResourcesInput {
+ s.ResourceShareArns = v
+ return s
+}
+
+// SetResourceType sets the ResourceType field's value.
+func (s *ListResourcesInput) SetResourceType(v string) *ListResourcesInput {
+ s.ResourceType = &v
+ return s
+}
+
+type ListResourcesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // If present, this value indicates that more output is available than is included
+ // in the current response. Use this value in the NextToken request parameter
+ // in a subsequent call to the operation to get the next part of the output.
+ // You should repeat this until the NextToken response element comes back as
+ // null. This indicates that this is the last page of results.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // An array of objects that contain information about the resources.
+ Resources []*Resource `locationName:"resources" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListResourcesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListResourcesOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListResourcesOutput) SetNextToken(v string) *ListResourcesOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetResources sets the Resources field's value.
+func (s *ListResourcesOutput) SetResources(v []*Resource) *ListResourcesOutput {
+ s.Resources = v
+ return s
+}
+
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// has a format that isn't valid.
+type MalformedArnException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MalformedArnException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MalformedArnException) GoString() string {
+ return s.String()
+}
+
+func newErrorMalformedArnException(v protocol.ResponseMetadata) error {
+ return &MalformedArnException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *MalformedArnException) Code() string {
+ return "MalformedArnException"
+}
+
+// Message returns the exception's message.
+func (s *MalformedArnException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *MalformedArnException) OrigErr() error {
+ return nil
+}
+
+func (s *MalformedArnException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *MalformedArnException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *MalformedArnException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The operation failed because the policy template that you provided isn't
+// valid.
+type MalformedPolicyTemplateException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MalformedPolicyTemplateException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MalformedPolicyTemplateException) GoString() string {
+ return s.String()
+}
+
+func newErrorMalformedPolicyTemplateException(v protocol.ResponseMetadata) error {
+ return &MalformedPolicyTemplateException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *MalformedPolicyTemplateException) Code() string {
+ return "MalformedPolicyTemplateException"
+}
+
+// Message returns the exception's message.
+func (s *MalformedPolicyTemplateException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *MalformedPolicyTemplateException) OrigErr() error {
+ return nil
+}
+
+func (s *MalformedPolicyTemplateException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *MalformedPolicyTemplateException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *MalformedPolicyTemplateException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The operation failed because a required input parameter is missing.
+type MissingRequiredParameterException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MissingRequiredParameterException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s MissingRequiredParameterException) GoString() string {
+ return s.String()
+}
+
+func newErrorMissingRequiredParameterException(v protocol.ResponseMetadata) error {
+ return &MissingRequiredParameterException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *MissingRequiredParameterException) Code() string {
+ return "MissingRequiredParameterException"
+}
+
+// Message returns the exception's message.
+func (s *MissingRequiredParameterException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *MissingRequiredParameterException) OrigErr() error {
+ return nil
}
-// SetResourceShareArns sets the ResourceShareArns field's value.
-func (s *ListResourcesInput) SetResourceShareArns(v []*string) *ListResourcesInput {
- s.ResourceShareArns = v
- return s
+func (s *MissingRequiredParameterException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
-// SetResourceType sets the ResourceType field's value.
-func (s *ListResourcesInput) SetResourceType(v string) *ListResourcesInput {
- s.ResourceType = &v
- return s
+// Status code returns the HTTP status code for the request's response error.
+func (s *MissingRequiredParameterException) StatusCode() int {
+ return s.RespMetadata.StatusCode
}
-type ListResourcesOutput struct {
- _ struct{} `type:"structure"`
+// RequestID returns the service's response RequestID for request.
+func (s *MissingRequiredParameterException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
- // If present, this value indicates that more output is available than is included
- // in the current response. Use this value in the NextToken request parameter
- // in a subsequent call to the operation to get the next part of the output.
- // You should repeat this until the NextToken response element comes back as
- // null. This indicates that this is the last page of results.
- NextToken *string `locationName:"nextToken" type:"string"`
+// The operation failed because the requested operation isn't permitted.
+type OperationNotPermittedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
- // An array of objects that contain information about the resources.
- Resources []*Resource `locationName:"resources" type:"list"`
+ Message_ *string `locationName:"message" type:"string"`
}
// String returns the string representation.
@@ -6355,7 +8963,7 @@ type ListResourcesOutput struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListResourcesOutput) String() string {
+func (s OperationNotPermittedException) String() string {
return awsutil.Prettify(s)
}
@@ -6364,24 +8972,51 @@ func (s ListResourcesOutput) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s ListResourcesOutput) GoString() string {
+func (s OperationNotPermittedException) GoString() string {
return s.String()
}
-// SetNextToken sets the NextToken field's value.
-func (s *ListResourcesOutput) SetNextToken(v string) *ListResourcesOutput {
- s.NextToken = &v
- return s
+func newErrorOperationNotPermittedException(v protocol.ResponseMetadata) error {
+ return &OperationNotPermittedException{
+ RespMetadata: v,
+ }
}
-// SetResources sets the Resources field's value.
-func (s *ListResourcesOutput) SetResources(v []*Resource) *ListResourcesOutput {
- s.Resources = v
- return s
+// Code returns the exception type name.
+func (s *OperationNotPermittedException) Code() string {
+ return "OperationNotPermittedException"
}
-// The format of an Amazon Resource Name (ARN) is not valid.
-type MalformedArnException struct {
+// Message returns the exception's message.
+func (s *OperationNotPermittedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *OperationNotPermittedException) OrigErr() error {
+ return nil
+}
+
+func (s *OperationNotPermittedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *OperationNotPermittedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *OperationNotPermittedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// The operation failed because a permission with the specified name already
+// exists in the requested Amazon Web Services Region. Choose a different name.
+type PermissionAlreadyExistsException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -6393,7 +9028,7 @@ type MalformedArnException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s MalformedArnException) String() string {
+func (s PermissionAlreadyExistsException) String() string {
return awsutil.Prettify(s)
}
@@ -6402,23 +9037,23 @@ func (s MalformedArnException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s MalformedArnException) GoString() string {
+func (s PermissionAlreadyExistsException) GoString() string {
return s.String()
}
-func newErrorMalformedArnException(v protocol.ResponseMetadata) error {
- return &MalformedArnException{
+func newErrorPermissionAlreadyExistsException(v protocol.ResponseMetadata) error {
+ return &PermissionAlreadyExistsException{
RespMetadata: v,
}
}
// Code returns the exception type name.
-func (s *MalformedArnException) Code() string {
- return "MalformedArnException"
+func (s *PermissionAlreadyExistsException) Code() string {
+ return "PermissionAlreadyExistsException"
}
// Message returns the exception's message.
-func (s *MalformedArnException) Message() string {
+func (s *PermissionAlreadyExistsException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
@@ -6426,26 +9061,29 @@ func (s *MalformedArnException) Message() string {
}
// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *MalformedArnException) OrigErr() error {
+func (s *PermissionAlreadyExistsException) OrigErr() error {
return nil
}
-func (s *MalformedArnException) Error() string {
+func (s *PermissionAlreadyExistsException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
-func (s *MalformedArnException) StatusCode() int {
+func (s *PermissionAlreadyExistsException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
-func (s *MalformedArnException) RequestID() string {
+func (s *PermissionAlreadyExistsException) RequestID() string {
return s.RespMetadata.RequestID
}
-// A required input parameter is missing.
-type MissingRequiredParameterException struct {
+// The operation failed because it would exceed the maximum number of permissions
+// you can create in each Amazon Web Services Region. To view the limits for
+// your Amazon Web Services account, see the RAM page in the Service Quotas
+// console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+type PermissionLimitExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -6457,7 +9095,7 @@ type MissingRequiredParameterException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s MissingRequiredParameterException) String() string {
+func (s PermissionLimitExceededException) String() string {
return awsutil.Prettify(s)
}
@@ -6466,23 +9104,23 @@ func (s MissingRequiredParameterException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s MissingRequiredParameterException) GoString() string {
+func (s PermissionLimitExceededException) GoString() string {
return s.String()
}
-func newErrorMissingRequiredParameterException(v protocol.ResponseMetadata) error {
- return &MissingRequiredParameterException{
+func newErrorPermissionLimitExceededException(v protocol.ResponseMetadata) error {
+ return &PermissionLimitExceededException{
RespMetadata: v,
}
}
// Code returns the exception type name.
-func (s *MissingRequiredParameterException) Code() string {
- return "MissingRequiredParameterException"
+func (s *PermissionLimitExceededException) Code() string {
+ return "PermissionLimitExceededException"
}
// Message returns the exception's message.
-func (s *MissingRequiredParameterException) Message() string {
+func (s *PermissionLimitExceededException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
@@ -6490,26 +9128,28 @@ func (s *MissingRequiredParameterException) Message() string {
}
// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *MissingRequiredParameterException) OrigErr() error {
+func (s *PermissionLimitExceededException) OrigErr() error {
return nil
}
-func (s *MissingRequiredParameterException) Error() string {
+func (s *PermissionLimitExceededException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
-func (s *MissingRequiredParameterException) StatusCode() int {
+func (s *PermissionLimitExceededException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
-func (s *MissingRequiredParameterException) RequestID() string {
+func (s *PermissionLimitExceededException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The requested operation is not permitted.
-type OperationNotPermittedException struct {
+// The operation failed because it would exceed the limit for the number of
+// versions you can have for a permission. To view the limits for your Amazon
+// Web Services account, see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+type PermissionVersionsLimitExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -6521,7 +9161,7 @@ type OperationNotPermittedException struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s OperationNotPermittedException) String() string {
+func (s PermissionVersionsLimitExceededException) String() string {
return awsutil.Prettify(s)
}
@@ -6530,23 +9170,23 @@ func (s OperationNotPermittedException) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s OperationNotPermittedException) GoString() string {
+func (s PermissionVersionsLimitExceededException) GoString() string {
return s.String()
}
-func newErrorOperationNotPermittedException(v protocol.ResponseMetadata) error {
- return &OperationNotPermittedException{
+func newErrorPermissionVersionsLimitExceededException(v protocol.ResponseMetadata) error {
+ return &PermissionVersionsLimitExceededException{
RespMetadata: v,
}
}
// Code returns the exception type name.
-func (s *OperationNotPermittedException) Code() string {
- return "OperationNotPermittedException"
+func (s *PermissionVersionsLimitExceededException) Code() string {
+ return "PermissionVersionsLimitExceededException"
}
// Message returns the exception's message.
-func (s *OperationNotPermittedException) Message() string {
+func (s *PermissionVersionsLimitExceededException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
@@ -6554,44 +9194,193 @@ func (s *OperationNotPermittedException) Message() string {
}
// OrigErr always returns nil, satisfies awserr.Error interface.
-func (s *OperationNotPermittedException) OrigErr() error {
+func (s *PermissionVersionsLimitExceededException) OrigErr() error {
return nil
}
-func (s *OperationNotPermittedException) Error() string {
+func (s *PermissionVersionsLimitExceededException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
-func (s *OperationNotPermittedException) StatusCode() int {
+func (s *PermissionVersionsLimitExceededException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
-func (s *OperationNotPermittedException) RequestID() string {
+func (s *PermissionVersionsLimitExceededException) RequestID() string {
return s.RespMetadata.RequestID
}
-// Describes a principal for use with Resource Access Manager.
-type Principal struct {
+// Describes a principal for use with Resource Access Manager.
+type Principal struct {
+ _ struct{} `type:"structure"`
+
+ // The date and time when the principal was associated with the resource share.
+ CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
+
+ // Indicates the relationship between the Amazon Web Services account the principal
+ // belongs to and the account that owns the resource share:
+ //
+ // * True – The two accounts belong to same organization.
+ //
+ // * False – The two accounts do not belong to the same organization.
+ External *bool `locationName:"external" type:"boolean"`
+
+ // The ID of the principal that can be associated with a resource share.
+ Id *string `locationName:"id" type:"string"`
+
+ // The date and time when the association between the resource share and the
+ // principal was last updated.
+ LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
+
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of a resource share the principal is associated with.
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Principal) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Principal) GoString() string {
+ return s.String()
+}
+
+// SetCreationTime sets the CreationTime field's value.
+func (s *Principal) SetCreationTime(v time.Time) *Principal {
+ s.CreationTime = &v
+ return s
+}
+
+// SetExternal sets the External field's value.
+func (s *Principal) SetExternal(v bool) *Principal {
+ s.External = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *Principal) SetId(v string) *Principal {
+ s.Id = &v
+ return s
+}
+
+// SetLastUpdatedTime sets the LastUpdatedTime field's value.
+func (s *Principal) SetLastUpdatedTime(v time.Time) *Principal {
+ s.LastUpdatedTime = &v
+ return s
+}
+
+// SetResourceShareArn sets the ResourceShareArn field's value.
+func (s *Principal) SetResourceShareArn(v string) *Principal {
+ s.ResourceShareArn = &v
+ return s
+}
+
+type PromotePermissionCreatedFromPolicyInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies a name for the promoted customer managed permission.
+ //
+ // Name is a required field
+ Name *string `locationName:"name" type:"string" required:"true"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the CREATED_FROM_POLICY permission that you want to promote. You can get
+ // this Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // by calling the ListResourceSharePermissions operation.
+ //
+ // PermissionArn is a required field
+ PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PromotePermissionCreatedFromPolicyInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PromotePermissionCreatedFromPolicyInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PromotePermissionCreatedFromPolicyInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "PromotePermissionCreatedFromPolicyInput"}
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.PermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *PromotePermissionCreatedFromPolicyInput) SetClientToken(v string) *PromotePermissionCreatedFromPolicyInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *PromotePermissionCreatedFromPolicyInput) SetName(v string) *PromotePermissionCreatedFromPolicyInput {
+ s.Name = &v
+ return s
+}
+
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *PromotePermissionCreatedFromPolicyInput) SetPermissionArn(v string) *PromotePermissionCreatedFromPolicyInput {
+ s.PermissionArn = &v
+ return s
+}
+
+type PromotePermissionCreatedFromPolicyOutput struct {
_ struct{} `type:"structure"`
- // The date and time when the principal was associated with the resource share.
- CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
-
- // Indicates whether the principal belongs to the same organization in Organizations
- // as the Amazon Web Services account that owns the resource share.
- External *bool `locationName:"external" type:"boolean"`
-
- // The ID of the principal.
- Id *string `locationName:"id" type:"string"`
-
- // The date and time when the association was last updated.
- LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of a resource share the principal is associated with.
- ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
+ // Information about an RAM permission.
+ Permission *ResourceSharePermissionSummary `locationName:"permission" type:"structure"`
}
// String returns the string representation.
@@ -6599,7 +9388,7 @@ type Principal struct {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Principal) String() string {
+func (s PromotePermissionCreatedFromPolicyOutput) String() string {
return awsutil.Prettify(s)
}
@@ -6608,44 +9397,26 @@ func (s Principal) String() string {
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
-func (s Principal) GoString() string {
+func (s PromotePermissionCreatedFromPolicyOutput) GoString() string {
return s.String()
}
-// SetCreationTime sets the CreationTime field's value.
-func (s *Principal) SetCreationTime(v time.Time) *Principal {
- s.CreationTime = &v
- return s
-}
-
-// SetExternal sets the External field's value.
-func (s *Principal) SetExternal(v bool) *Principal {
- s.External = &v
- return s
-}
-
-// SetId sets the Id field's value.
-func (s *Principal) SetId(v string) *Principal {
- s.Id = &v
- return s
-}
-
-// SetLastUpdatedTime sets the LastUpdatedTime field's value.
-func (s *Principal) SetLastUpdatedTime(v time.Time) *Principal {
- s.LastUpdatedTime = &v
+// SetClientToken sets the ClientToken field's value.
+func (s *PromotePermissionCreatedFromPolicyOutput) SetClientToken(v string) *PromotePermissionCreatedFromPolicyOutput {
+ s.ClientToken = &v
return s
}
-// SetResourceShareArn sets the ResourceShareArn field's value.
-func (s *Principal) SetResourceShareArn(v string) *Principal {
- s.ResourceShareArn = &v
+// SetPermission sets the Permission field's value.
+func (s *PromotePermissionCreatedFromPolicyOutput) SetPermission(v *ResourceSharePermissionSummary) *PromotePermissionCreatedFromPolicyOutput {
+ s.Permission = v
return s
}
type PromoteResourceShareCreatedFromPolicyInput struct {
_ struct{} `type:"structure" nopayload:"true"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share to promote.
//
// ResourceShareArn is a required field
@@ -6733,9 +9504,12 @@ type RejectResourceShareInvitationInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the invitation that you want to reject.
//
// ResourceShareInvitationArn is a required field
@@ -6828,21 +9602,281 @@ func (s *RejectResourceShareInvitationOutput) SetResourceShareInvitation(v *Reso
return s
}
+type ReplacePermissionAssociationsInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission that you want to replace.
+ //
+ // FromPermissionArn is a required field
+ FromPermissionArn *string `locationName:"fromPermissionArn" type:"string" required:"true"`
+
+ // Specifies that you want to updated the permissions for only those resource
+ // shares that use the specified version of the managed permission.
+ FromPermissionVersion *int64 `locationName:"fromPermissionVersion" type:"integer"`
+
+ // Specifies the ARN of the managed permission that you want to associate with
+ // resource shares in place of the one specified by fromPerssionArn and fromPermissionVersion.
+ //
+ // The operation always associates the version that is currently the default
+ // for the specified managed permission.
+ //
+ // ToPermissionArn is a required field
+ ToPermissionArn *string `locationName:"toPermissionArn" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplacePermissionAssociationsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ReplacePermissionAssociationsInput"}
+ if s.FromPermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("FromPermissionArn"))
+ }
+ if s.ToPermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("ToPermissionArn"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *ReplacePermissionAssociationsInput) SetClientToken(v string) *ReplacePermissionAssociationsInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetFromPermissionArn sets the FromPermissionArn field's value.
+func (s *ReplacePermissionAssociationsInput) SetFromPermissionArn(v string) *ReplacePermissionAssociationsInput {
+ s.FromPermissionArn = &v
+ return s
+}
+
+// SetFromPermissionVersion sets the FromPermissionVersion field's value.
+func (s *ReplacePermissionAssociationsInput) SetFromPermissionVersion(v int64) *ReplacePermissionAssociationsInput {
+ s.FromPermissionVersion = &v
+ return s
+}
+
+// SetToPermissionArn sets the ToPermissionArn field's value.
+func (s *ReplacePermissionAssociationsInput) SetToPermissionArn(v string) *ReplacePermissionAssociationsInput {
+ s.ToPermissionArn = &v
+ return s
+}
+
+type ReplacePermissionAssociationsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies a data structure that you can use to track the asynchronous tasks
+ // that RAM performs to complete this operation. You can use the ListReplacePermissionAssociationsWork
+ // operation and pass the id value returned in this structure.
+ ReplacePermissionAssociationsWork *ReplacePermissionAssociationsWork `locationName:"replacePermissionAssociationsWork" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *ReplacePermissionAssociationsOutput) SetClientToken(v string) *ReplacePermissionAssociationsOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetReplacePermissionAssociationsWork sets the ReplacePermissionAssociationsWork field's value.
+func (s *ReplacePermissionAssociationsOutput) SetReplacePermissionAssociationsWork(v *ReplacePermissionAssociationsWork) *ReplacePermissionAssociationsOutput {
+ s.ReplacePermissionAssociationsWork = v
+ return s
+}
+
+// A structure that represents the background work that RAM performs when you
+// invoke the ReplacePermissionAssociations operation.
+type ReplacePermissionAssociationsWork struct {
+ _ struct{} `type:"structure"`
+
+ // The date and time when this asynchronous background task was created.
+ CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
+
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission that this background task is replacing.
+ FromPermissionArn *string `locationName:"fromPermissionArn" type:"string"`
+
+ // The version of the managed permission that this background task is replacing.
+ FromPermissionVersion *string `locationName:"fromPermissionVersion" type:"string"`
+
+ // The unique identifier for the background task associated with one ReplacePermissionAssociations
+ // request.
+ Id *string `locationName:"id" type:"string"`
+
+ // The date and time when the status of this background task was last updated.
+ LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
+
+ // Specifies the current status of the background tasks for the specified ID.
+ // The output is one of the following strings:
+ //
+ // * IN_PROGRESS
+ //
+ // * COMPLETED
+ //
+ // * FAILED
+ Status *string `locationName:"status" type:"string" enum:"ReplacePermissionAssociationsWorkStatus"`
+
+ // Specifies the reason for a FAILED status. This field is present only when
+ // there status is FAILED.
+ StatusMessage *string `locationName:"statusMessage" type:"string"`
+
+ // The ARN of the managed permission that this background task is associating
+ // with the resource shares in place of the managed permission and version specified
+ // in fromPermissionArn and fromPermissionVersion.
+ ToPermissionArn *string `locationName:"toPermissionArn" type:"string"`
+
+ // The version of the managed permission that this background task is associating
+ // with the resource shares. This is always the version that is currently the
+ // default for this managed permission.
+ ToPermissionVersion *string `locationName:"toPermissionVersion" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsWork) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ReplacePermissionAssociationsWork) GoString() string {
+ return s.String()
+}
+
+// SetCreationTime sets the CreationTime field's value.
+func (s *ReplacePermissionAssociationsWork) SetCreationTime(v time.Time) *ReplacePermissionAssociationsWork {
+ s.CreationTime = &v
+ return s
+}
+
+// SetFromPermissionArn sets the FromPermissionArn field's value.
+func (s *ReplacePermissionAssociationsWork) SetFromPermissionArn(v string) *ReplacePermissionAssociationsWork {
+ s.FromPermissionArn = &v
+ return s
+}
+
+// SetFromPermissionVersion sets the FromPermissionVersion field's value.
+func (s *ReplacePermissionAssociationsWork) SetFromPermissionVersion(v string) *ReplacePermissionAssociationsWork {
+ s.FromPermissionVersion = &v
+ return s
+}
+
+// SetId sets the Id field's value.
+func (s *ReplacePermissionAssociationsWork) SetId(v string) *ReplacePermissionAssociationsWork {
+ s.Id = &v
+ return s
+}
+
+// SetLastUpdatedTime sets the LastUpdatedTime field's value.
+func (s *ReplacePermissionAssociationsWork) SetLastUpdatedTime(v time.Time) *ReplacePermissionAssociationsWork {
+ s.LastUpdatedTime = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *ReplacePermissionAssociationsWork) SetStatus(v string) *ReplacePermissionAssociationsWork {
+ s.Status = &v
+ return s
+}
+
+// SetStatusMessage sets the StatusMessage field's value.
+func (s *ReplacePermissionAssociationsWork) SetStatusMessage(v string) *ReplacePermissionAssociationsWork {
+ s.StatusMessage = &v
+ return s
+}
+
+// SetToPermissionArn sets the ToPermissionArn field's value.
+func (s *ReplacePermissionAssociationsWork) SetToPermissionArn(v string) *ReplacePermissionAssociationsWork {
+ s.ToPermissionArn = &v
+ return s
+}
+
+// SetToPermissionVersion sets the ToPermissionVersion field's value.
+func (s *ReplacePermissionAssociationsWork) SetToPermissionVersion(v string) *ReplacePermissionAssociationsWork {
+ s.ToPermissionVersion = &v
+ return s
+}
+
// Describes a resource associated with a resource share in RAM.
type Resource struct {
_ struct{} `type:"structure"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource.
Arn *string `locationName:"arn" type:"string"`
// The date and time when the resource was associated with the resource share.
CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
- // The date an time when the association was last updated.
+ // The date an time when the association between the resource and the resource
+ // share was last updated.
LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource group. This value is available only if the resource is part
// of a resource group.
ResourceGroupArn *string `locationName:"resourceGroupArn" type:"string"`
@@ -6856,7 +9890,7 @@ type Resource struct {
// Region.
ResourceRegionScope *string `locationName:"resourceRegionScope" type:"string" enum:"ResourceRegionScope"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share this resource is associated with.
ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
@@ -6866,7 +9900,9 @@ type Resource struct {
// A message about the status of the resource.
StatusMessage *string `locationName:"statusMessage" type:"string"`
- // The resource type. This takes the form of: service-code:resource-code
+ // The resource type. This takes the form of: service-code:resource-code, and
+ // is case-insensitive. For example, an Amazon EC2 Subnet would be represented
+ // by the string ec2:subnet.
Type *string `locationName:"type" type:"string"`
}
@@ -6942,7 +9978,8 @@ func (s *Resource) SetType(v string) *Resource {
return s
}
-// The specified Amazon Resource Name (ARN) was not found.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// was not found.
type ResourceArnNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7012,26 +10049,37 @@ type ResourceShare struct {
// Indicates whether principals outside your organization in Organizations can
// be associated with a resource share.
+ //
+ // * True – the resource share can be shared with any Amazon Web Services
+ // account.
+ //
+ // * False – the resource share can be shared with only accounts in the
+ // same organization as the account that owns the resource share.
AllowExternalPrincipals *bool `locationName:"allowExternalPrincipals" type:"boolean"`
// The date and time when the resource share was created.
CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
- // Indicates how the resource share was created. Possible values include:
+ // Indicates what features are available for this resource share. This parameter
+ // can have one of the following values:
//
- // * CREATED_FROM_POLICY - Indicates that the resource share was created
- // from an Identity and Access Management (IAM) resource-based permission
- // policy attached to the resource. This type of resource share is visible
- // only to the Amazon Web Services account that created it. You can't modify
- // it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
+ // * STANDARD – A resource share that supports all functionality. These
+ // resource shares are visible to all principals you share the resource share
+ // with. You can modify these resource shares in RAM using the console or
+ // APIs. This resource share might have been created by RAM, or it might
+ // have been CREATED_FROM_POLICY and then promoted.
//
- // * PROMOTING_TO_STANDARD - The resource share is in the process of being
- // promoted. For more information, see PromoteResourceShareCreatedFromPolicy.
+ // * CREATED_FROM_POLICY – The customer manually shared a resource by attaching
+ // a resource-based policy. That policy did not match any existing managed
+ // permissions, so RAM created this customer managed permission automatically
+ // on the customer's behalf based on the attached policy document. This type
+ // of resource share is visible only to the Amazon Web Services account that
+ // created it. You can't modify it in RAM unless you promote it. For more
+ // information, see PromoteResourceShareCreatedFromPolicy.
//
- // * STANDARD - Indicates that the resource share was created in RAM using
- // the console or APIs. These resource shares are visible to all principals
- // you share the resource share with. You can modify these resource shares
- // in RAM using the console or APIs.
+ // * PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
+ // but the customer ran the PromoteResourceShareCreatedFromPolicy and that
+ // operation is still in progress. This value changes to STANDARD when complete.
FeatureSet *string `locationName:"featureSet" type:"string" enum:"ResourceShareFeatureSet"`
// The date and time when the resource share was last updated.
@@ -7043,7 +10091,7 @@ type ResourceShare struct {
// The ID of the Amazon Web Services account that owns the resource share.
OwningAccountId *string `locationName:"owningAccountId" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share
ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
@@ -7135,18 +10183,18 @@ func (s *ResourceShare) SetTags(v []*Tag) *ResourceShare {
return s
}
-// Describes an association with a resource share and either a principal or
-// a resource.
+// Describes an association between a resource share and either a principal
+// or a resource.
type ResourceShareAssociation struct {
_ struct{} `type:"structure"`
// The associated entity. This can be either of the following:
//
- // * For a resource association, this is the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // * For a resource association, this is the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource.
//
// * For principal associations, this is one of the following: The ID of
- // an Amazon Web Services account The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // an Amazon Web Services account The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an organization in Organizations The ARN of an organizational unit
// (OU) in Organizations The ARN of an IAM role The ARN of an IAM user
AssociatedEntity *string `locationName:"associatedEntity" type:"string"`
@@ -7164,7 +10212,7 @@ type ResourceShareAssociation struct {
// The date and time when the association was last updated.
LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share.
ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
@@ -7261,11 +10309,11 @@ type ResourceShareInvitation struct {
// The ID of the Amazon Web Services account that received the invitation.
ReceiverAccountId *string `locationName:"receiverAccountId" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the IAM user or role that received the invitation.
ReceiverArn *string `locationName:"receiverArn" type:"string"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share
ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
@@ -7275,7 +10323,7 @@ type ResourceShareInvitation struct {
// Deprecated: This member has been deprecated. Use ListPendingInvitationResources.
ResourceShareAssociations []*ResourceShareAssociation `locationName:"resourceShareAssociations" deprecated:"true" type:"list"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the invitation.
ResourceShareInvitationArn *string `locationName:"resourceShareInvitationArn" type:"string"`
@@ -7361,7 +10409,7 @@ func (s *ResourceShareInvitation) SetStatus(v string) *ResourceShareInvitation {
return s
}
-// The specified invitation was already accepted.
+// The operation failed because the specified invitation was already accepted.
type ResourceShareInvitationAlreadyAcceptedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7425,7 +10473,7 @@ func (s *ResourceShareInvitationAlreadyAcceptedException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified invitation was already rejected.
+// The operation failed because the specified invitation was already rejected.
type ResourceShareInvitationAlreadyRejectedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7489,7 +10537,8 @@ func (s *ResourceShareInvitationAlreadyRejectedException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified Amazon Resource Name (ARN) for an invitation was not found.
+// The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+// for an invitation was not found.
type ResourceShareInvitationArnNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7553,7 +10602,8 @@ func (s *ResourceShareInvitationArnNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified invitation is expired.
+// The operation failed because the specified invitation is past its expiration
+// date and time.
type ResourceShareInvitationExpiredException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7617,7 +10667,9 @@ func (s *ResourceShareInvitationExpiredException) RequestID() string {
return s.RespMetadata.RequestID
}
-// This request would exceed the limit for resource shares for your account.
+// The operation failed because it would exceed the limit for resource shares
+// for your account. To view the limits for your Amazon Web Services account,
+// see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
type ResourceShareLimitExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7681,22 +10733,44 @@ func (s *ResourceShareLimitExceededException) RequestID() string {
return s.RespMetadata.RequestID
}
-// Information about an RAM permission.
+// Information about a RAM managed permission.
type ResourceSharePermissionDetail struct {
_ struct{} `type:"structure"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of this RAM permission.
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of this RAM managed permission.
Arn *string `locationName:"arn" type:"string"`
// The date and time when the permission was created.
CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
- // Specifies whether the version of the permission represented in this structure
+ // Specifies whether the version of the permission represented in this response
// is the default version for this permission.
DefaultVersion *bool `locationName:"defaultVersion" type:"boolean"`
- // Specifies whether the version of the permission represented in this structure
+ // Indicates what features are available for this resource share. This parameter
+ // can have one of the following values:
+ //
+ // * STANDARD – A resource share that supports all functionality. These
+ // resource shares are visible to all principals you share the resource share
+ // with. You can modify these resource shares in RAM using the console or
+ // APIs. This resource share might have been created by RAM, or it might
+ // have been CREATED_FROM_POLICY and then promoted.
+ //
+ // * CREATED_FROM_POLICY – The customer manually shared a resource by attaching
+ // a resource-based policy. That policy did not match any existing managed
+ // permissions, so RAM created this customer managed permission automatically
+ // on the customer's behalf based on the attached policy document. This type
+ // of resource share is visible only to the Amazon Web Services account that
+ // created it. You can't modify it in RAM unless you promote it. For more
+ // information, see PromoteResourceShareCreatedFromPolicy.
+ //
+ // * PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
+ // but the customer ran the PromoteResourceShareCreatedFromPolicy and that
+ // operation is still in progress. This value changes to STANDARD when complete.
+ FeatureSet *string `locationName:"featureSet" type:"string" enum:"PermissionFeatureSet"`
+
+ // Specifies whether the version of the permission represented in this response
// is the default version for all resources of this resource type.
IsResourceTypeDefault *bool `locationName:"isResourceTypeDefault" type:"boolean"`
@@ -7711,10 +10785,38 @@ type ResourceSharePermissionDetail struct {
// operations to which the principal is granted or denied access.
Permission *string `locationName:"permission" type:"string"`
+ // The type of managed permission. This can be one of the following values:
+ //
+ // * AWS_MANAGED – Amazon Web Services created and manages this managed
+ // permission. You can associate it with your resource shares, but you can't
+ // modify it.
+ //
+ // * CUSTOMER_MANAGED – You, or another principal in your account created
+ // this managed permission. You can associate it with your resource shares
+ // and create new versions that have different permissions.
+ PermissionType *string `locationName:"permissionType" type:"string" enum:"PermissionType"`
+
// The resource type to which this permission applies.
ResourceType *string `locationName:"resourceType" type:"string"`
- // The version of the permission represented in this structure.
+ // The current status of the association between the permission and the resource
+ // share. The following are the possible values:
+ //
+ // * ATTACHABLE – This permission or version can be associated with resource
+ // shares.
+ //
+ // * UNATTACHABLE – This permission or version can't currently be associated
+ // with resource shares.
+ //
+ // * DELETING – This permission or version is in the process of being deleted.
+ //
+ // * DELETED – This permission or version is deleted.
+ Status *string `locationName:"status" type:"string" enum:"PermissionStatus"`
+
+ // The tag key and value pairs attached to the resource share.
+ Tags []*Tag `locationName:"tags" type:"list"`
+
+ // The version of the permission described in this response.
Version *string `locationName:"version" type:"string"`
}
@@ -7754,6 +10856,12 @@ func (s *ResourceSharePermissionDetail) SetDefaultVersion(v bool) *ResourceShare
return s
}
+// SetFeatureSet sets the FeatureSet field's value.
+func (s *ResourceSharePermissionDetail) SetFeatureSet(v string) *ResourceSharePermissionDetail {
+ s.FeatureSet = &v
+ return s
+}
+
// SetIsResourceTypeDefault sets the IsResourceTypeDefault field's value.
func (s *ResourceSharePermissionDetail) SetIsResourceTypeDefault(v bool) *ResourceSharePermissionDetail {
s.IsResourceTypeDefault = &v
@@ -7778,9 +10886,27 @@ func (s *ResourceSharePermissionDetail) SetPermission(v string) *ResourceSharePe
return s
}
-// SetResourceType sets the ResourceType field's value.
-func (s *ResourceSharePermissionDetail) SetResourceType(v string) *ResourceSharePermissionDetail {
- s.ResourceType = &v
+// SetPermissionType sets the PermissionType field's value.
+func (s *ResourceSharePermissionDetail) SetPermissionType(v string) *ResourceSharePermissionDetail {
+ s.PermissionType = &v
+ return s
+}
+
+// SetResourceType sets the ResourceType field's value.
+func (s *ResourceSharePermissionDetail) SetResourceType(v string) *ResourceSharePermissionDetail {
+ s.ResourceType = &v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *ResourceSharePermissionDetail) SetStatus(v string) *ResourceSharePermissionDetail {
+ s.Status = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *ResourceSharePermissionDetail) SetTags(v []*Tag) *ResourceSharePermissionDetail {
+ s.Tags = v
return s
}
@@ -7790,39 +10916,76 @@ func (s *ResourceSharePermissionDetail) SetVersion(v string) *ResourceSharePermi
return s
}
-// Information about an RAM permission that is associated with a resource share
-// and any of its resources of a specified type.
+// Information about an RAM permission.
type ResourceSharePermissionSummary struct {
_ struct{} `type:"structure"`
- // The Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the permission you want information about.
Arn *string `locationName:"arn" type:"string"`
// The date and time when the permission was created.
CreationTime *time.Time `locationName:"creationTime" type:"timestamp"`
- // Specifies whether the version of the permission represented in this structure
- // is the default version for this permission.
+ // Specifies whether the version of the managed permission used by this resource
+ // share is the default version for this managed permission.
DefaultVersion *bool `locationName:"defaultVersion" type:"boolean"`
- // Specifies whether the version of the permission represented in this structure
- // is the default version for all resources of this resource type.
+ // Indicates what features are available for this resource share. This parameter
+ // can have one of the following values:
+ //
+ // * STANDARD – A resource share that supports all functionality. These
+ // resource shares are visible to all principals you share the resource share
+ // with. You can modify these resource shares in RAM using the console or
+ // APIs. This resource share might have been created by RAM, or it might
+ // have been CREATED_FROM_POLICY and then promoted.
+ //
+ // * CREATED_FROM_POLICY – The customer manually shared a resource by attaching
+ // a resource-based policy. That policy did not match any existing managed
+ // permissions, so RAM created this customer managed permission automatically
+ // on the customer's behalf based on the attached policy document. This type
+ // of resource share is visible only to the Amazon Web Services account that
+ // created it. You can't modify it in RAM unless you promote it. For more
+ // information, see PromoteResourceShareCreatedFromPolicy.
+ //
+ // * PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
+ // but the customer ran the PromoteResourceShareCreatedFromPolicy and that
+ // operation is still in progress. This value changes to STANDARD when complete.
+ FeatureSet *string `locationName:"featureSet" type:"string" enum:"PermissionFeatureSet"`
+
+ // Specifies whether the managed permission associated with this resource share
+ // is the default managed permission for all resources of this resource type.
IsResourceTypeDefault *bool `locationName:"isResourceTypeDefault" type:"boolean"`
// The date and time when the permission was last updated.
LastUpdatedTime *time.Time `locationName:"lastUpdatedTime" type:"timestamp"`
- // The name of this permission.
+ // The name of this managed permission.
Name *string `locationName:"name" type:"string"`
- // The type of resource to which this permission applies.
+ // The type of managed permission. This can be one of the following values:
+ //
+ // * AWS_MANAGED – Amazon Web Services created and manages this managed
+ // permission. You can associate it with your resource shares, but you can't
+ // modify it.
+ //
+ // * CUSTOMER_MANAGED – You, or another principal in your account created
+ // this managed permission. You can associate it with your resource shares
+ // and create new versions that have different permissions.
+ PermissionType *string `locationName:"permissionType" type:"string" enum:"PermissionType"`
+
+ // The type of resource to which this permission applies. This takes the form
+ // of: service-code:resource-code, and is case-insensitive. For example, an
+ // Amazon EC2 Subnet would be represented by the string ec2:subnet.
ResourceType *string `locationName:"resourceType" type:"string"`
// The current status of the permission.
Status *string `locationName:"status" type:"string"`
- // The version of the permission represented in this structure.
+ // A list of the tag key value pairs currently attached to the permission.
+ Tags []*Tag `locationName:"tags" type:"list"`
+
+ // The version of the permission associated with this resource share.
Version *string `locationName:"version" type:"string"`
}
@@ -7862,6 +11025,12 @@ func (s *ResourceSharePermissionSummary) SetDefaultVersion(v bool) *ResourceShar
return s
}
+// SetFeatureSet sets the FeatureSet field's value.
+func (s *ResourceSharePermissionSummary) SetFeatureSet(v string) *ResourceSharePermissionSummary {
+ s.FeatureSet = &v
+ return s
+}
+
// SetIsResourceTypeDefault sets the IsResourceTypeDefault field's value.
func (s *ResourceSharePermissionSummary) SetIsResourceTypeDefault(v bool) *ResourceSharePermissionSummary {
s.IsResourceTypeDefault = &v
@@ -7880,6 +11049,12 @@ func (s *ResourceSharePermissionSummary) SetName(v string) *ResourceSharePermiss
return s
}
+// SetPermissionType sets the PermissionType field's value.
+func (s *ResourceSharePermissionSummary) SetPermissionType(v string) *ResourceSharePermissionSummary {
+ s.PermissionType = &v
+ return s
+}
+
// SetResourceType sets the ResourceType field's value.
func (s *ResourceSharePermissionSummary) SetResourceType(v string) *ResourceSharePermissionSummary {
s.ResourceType = &v
@@ -7892,13 +11067,20 @@ func (s *ResourceSharePermissionSummary) SetStatus(v string) *ResourceSharePermi
return s
}
+// SetTags sets the Tags field's value.
+func (s *ResourceSharePermissionSummary) SetTags(v []*Tag) *ResourceSharePermissionSummary {
+ s.Tags = v
+ return s
+}
+
// SetVersion sets the Version field's value.
func (s *ResourceSharePermissionSummary) SetVersion(v string) *ResourceSharePermissionSummary {
s.Version = &v
return s
}
-// The service could not respond to the request due to an internal problem.
+// The operation failed because the service could not respond to the request
+// due to an internal problem. Try again later.
type ServerInternalException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -7976,7 +11158,9 @@ type ServiceNameAndResourceType struct {
// Region.
ResourceRegionScope *string `locationName:"resourceRegionScope" type:"string" enum:"ResourceRegionScope"`
- // The type of the resource.
+ // The type of the resource. This takes the form of: service-code:resource-code,
+ // and is case-insensitive. For example, an Amazon EC2 Subnet would be represented
+ // by the string ec2:subnet.
ResourceType *string `locationName:"resourceType" type:"string"`
// The name of the Amazon Web Services service to which resources of this type
@@ -8020,7 +11204,7 @@ func (s *ServiceNameAndResourceType) SetServiceName(v string) *ServiceNameAndRes
return s
}
-// The service is not available.
+// The operation failed because the service isn't available. Try again later.
type ServiceUnavailableException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -8084,6 +11268,132 @@ func (s *ServiceUnavailableException) RequestID() string {
return s.RespMetadata.RequestID
}
+type SetDefaultPermissionVersionInput struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies a unique, case-sensitive identifier that you provide to ensure
+ // the idempotency of the request. This lets you safely retry the request without
+ // accidentally performing the same operation a second time. Passing the same
+ // value to a later call to an operation requires that you also pass the same
+ // value for all other parameters. We recommend that you use a UUID type of
+ // value. (https://wikipedia.org/wiki/Universally_unique_identifier).
+ //
+ // If you don't provide this value, then Amazon Web Services generates a random
+ // one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the customer managed permission whose default version you want to change.
+ //
+ // PermissionArn is a required field
+ PermissionArn *string `locationName:"permissionArn" type:"string" required:"true"`
+
+ // Specifies the version number that you want to designate as the default for
+ // customer managed permission. To see a list of all available version numbers,
+ // use ListPermissionVersions.
+ //
+ // PermissionVersion is a required field
+ PermissionVersion *int64 `locationName:"permissionVersion" type:"integer" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SetDefaultPermissionVersionInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SetDefaultPermissionVersionInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *SetDefaultPermissionVersionInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "SetDefaultPermissionVersionInput"}
+ if s.PermissionArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionArn"))
+ }
+ if s.PermissionVersion == nil {
+ invalidParams.Add(request.NewErrParamRequired("PermissionVersion"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *SetDefaultPermissionVersionInput) SetClientToken(v string) *SetDefaultPermissionVersionInput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetPermissionArn sets the PermissionArn field's value.
+func (s *SetDefaultPermissionVersionInput) SetPermissionArn(v string) *SetDefaultPermissionVersionInput {
+ s.PermissionArn = &v
+ return s
+}
+
+// SetPermissionVersion sets the PermissionVersion field's value.
+func (s *SetDefaultPermissionVersionInput) SetPermissionVersion(v int64) *SetDefaultPermissionVersionInput {
+ s.PermissionVersion = &v
+ return s
+}
+
+type SetDefaultPermissionVersionOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The idempotency identifier associated with this request. If you want to repeat
+ // the same operation in an idempotent manner then you must include this value
+ // in the clientToken request parameter of that later call. All other parameters
+ // must also have the same values that you used in the first call.
+ ClientToken *string `locationName:"clientToken" type:"string"`
+
+ // A boolean value that indicates whether the operation was successful.
+ ReturnValue *bool `locationName:"returnValue" type:"boolean"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SetDefaultPermissionVersionOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SetDefaultPermissionVersionOutput) GoString() string {
+ return s.String()
+}
+
+// SetClientToken sets the ClientToken field's value.
+func (s *SetDefaultPermissionVersionOutput) SetClientToken(v string) *SetDefaultPermissionVersionOutput {
+ s.ClientToken = &v
+ return s
+}
+
+// SetReturnValue sets the ReturnValue field's value.
+func (s *SetDefaultPermissionVersionOutput) SetReturnValue(v bool) *SetDefaultPermissionVersionOutput {
+ s.ReturnValue = &v
+ return s
+}
+
// A structure containing a tag. A tag is metadata that you can attach to your
// resources to help organize and categorize them. You can also use them to
// help you secure your resources. For more information, see Controlling access
@@ -8177,7 +11487,8 @@ func (s *TagFilter) SetTagValues(v []*string) *TagFilter {
return s
}
-// This request would exceed the limit for tags for your account.
+// The operation failed because it would exceed the limit for tags for your
+// Amazon Web Services account.
type TagLimitExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -8241,7 +11552,8 @@ func (s *TagLimitExceededException) RequestID() string {
return s.RespMetadata.RequestID
}
-// The specified tag key is a reserved word and can't be used.
+// The operation failed because the specified tag key is a reserved word and
+// can't be used.
type TagPolicyViolationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -8308,11 +11620,15 @@ func (s *TagPolicyViolationException) RequestID() string {
type TagResourceInput struct {
_ struct{} `type:"structure"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
- // of the resource share that you want to add tags to.
- //
- // ResourceShareArn is a required field
- ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission that you want to add tags to. You must specify
+ // either resourceArn, or resourceShareArn, but not both.
+ ResourceArn *string `locationName:"resourceArn" type:"string"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the resource share that you want to add tags to. You must specify either
+ // resourceShareArn, or resourceArn, but not both.
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
// A list of one or more tag key and value pairs. The tag key must be present
// and not be an empty string. The tag value must be present but can be an empty
@@ -8343,9 +11659,6 @@ func (s TagResourceInput) GoString() string {
// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
- if s.ResourceShareArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
- }
if s.Tags == nil {
invalidParams.Add(request.NewErrParamRequired("Tags"))
}
@@ -8356,6 +11669,12 @@ func (s *TagResourceInput) Validate() error {
return nil
}
+// SetResourceArn sets the ResourceArn field's value.
+func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
// SetResourceShareArn sets the ResourceShareArn field's value.
func (s *TagResourceInput) SetResourceShareArn(v string) *TagResourceInput {
s.ResourceShareArn = &v
@@ -8390,8 +11709,8 @@ func (s TagResourceOutput) GoString() string {
return s.String()
}
-// You exceeded the rate at which you are allowed to perform this operation.
-// Please try again later.
+// The operation failed because it exceeded the rate at which you are allowed
+// to perform this operation. Please try again later.
type ThrottlingException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -8455,7 +11774,7 @@ func (s *ThrottlingException) RequestID() string {
return s.RespMetadata.RequestID
}
-// A specified resource was not found.
+// The operation failed because a specified resource couldn't be found.
type UnknownResourceException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
@@ -8519,15 +11838,86 @@ func (s *UnknownResourceException) RequestID() string {
return s.RespMetadata.RequestID
}
+// There isn't an existing managed permission defined in RAM that has the same
+// IAM permissions as the resource-based policy attached to the resource. You
+// should first run PromotePermissionCreatedFromPolicy to create that managed
+// permission.
+type UnmatchedPolicyPermissionException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnmatchedPolicyPermissionException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnmatchedPolicyPermissionException) GoString() string {
+ return s.String()
+}
+
+func newErrorUnmatchedPolicyPermissionException(v protocol.ResponseMetadata) error {
+ return &UnmatchedPolicyPermissionException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *UnmatchedPolicyPermissionException) Code() string {
+ return "UnmatchedPolicyPermissionException"
+}
+
+// Message returns the exception's message.
+func (s *UnmatchedPolicyPermissionException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *UnmatchedPolicyPermissionException) OrigErr() error {
+ return nil
+}
+
+func (s *UnmatchedPolicyPermissionException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *UnmatchedPolicyPermissionException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *UnmatchedPolicyPermissionException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
type UntagResourceInput struct {
_ struct{} `type:"structure"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // of the managed permission that you want to remove tags from. You must specify
+ // either resourceArn, or resourceShareArn, but not both.
+ ResourceArn *string `locationName:"resourceArn" type:"string"`
+
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share that you want to remove tags from. The tags are removed
- // from the resource share, not the resources in the resource share.
- //
- // ResourceShareArn is a required field
- ResourceShareArn *string `locationName:"resourceShareArn" type:"string" required:"true"`
+ // from the resource share, not the resources in the resource share. You must
+ // specify either resourceShareArn, or resourceArn, but not both.
+ ResourceShareArn *string `locationName:"resourceShareArn" type:"string"`
// Specifies a list of one or more tag keys that you want to remove.
//
@@ -8556,9 +11946,6 @@ func (s UntagResourceInput) GoString() string {
// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
- if s.ResourceShareArn == nil {
- invalidParams.Add(request.NewErrParamRequired("ResourceShareArn"))
- }
if s.TagKeys == nil {
invalidParams.Add(request.NewErrParamRequired("TagKeys"))
}
@@ -8569,6 +11956,12 @@ func (s *UntagResourceInput) Validate() error {
return nil
}
+// SetResourceArn sets the ResourceArn field's value.
+func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
+ s.ResourceArn = &v
+ return s
+}
+
// SetResourceShareArn sets the ResourceShareArn field's value.
func (s *UntagResourceInput) SetResourceShareArn(v string) *UntagResourceInput {
s.ResourceShareArn = &v
@@ -8619,12 +12012,15 @@ type UpdateResourceShareInput struct {
//
// If you don't provide this value, then Amazon Web Services generates a random
// one for you.
+ //
+ // If you retry the operation with the same ClientToken, but with different
+ // parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string `locationName:"clientToken" type:"string"`
// If specified, the new name that you want to attach to the resource share.
Name *string `locationName:"name" type:"string"`
- // Specifies the Amazon Resoure Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the resource share that you want to modify.
//
// ResourceShareArn is a required field
@@ -8729,6 +12125,106 @@ func (s *UpdateResourceShareOutput) SetResourceShare(v *ResourceShare) *UpdateRe
return s
}
+const (
+ // PermissionFeatureSetCreatedFromPolicy is a PermissionFeatureSet enum value
+ PermissionFeatureSetCreatedFromPolicy = "CREATED_FROM_POLICY"
+
+ // PermissionFeatureSetPromotingToStandard is a PermissionFeatureSet enum value
+ PermissionFeatureSetPromotingToStandard = "PROMOTING_TO_STANDARD"
+
+ // PermissionFeatureSetStandard is a PermissionFeatureSet enum value
+ PermissionFeatureSetStandard = "STANDARD"
+)
+
+// PermissionFeatureSet_Values returns all elements of the PermissionFeatureSet enum
+func PermissionFeatureSet_Values() []string {
+ return []string{
+ PermissionFeatureSetCreatedFromPolicy,
+ PermissionFeatureSetPromotingToStandard,
+ PermissionFeatureSetStandard,
+ }
+}
+
+const (
+ // PermissionStatusAttachable is a PermissionStatus enum value
+ PermissionStatusAttachable = "ATTACHABLE"
+
+ // PermissionStatusUnattachable is a PermissionStatus enum value
+ PermissionStatusUnattachable = "UNATTACHABLE"
+
+ // PermissionStatusDeleting is a PermissionStatus enum value
+ PermissionStatusDeleting = "DELETING"
+
+ // PermissionStatusDeleted is a PermissionStatus enum value
+ PermissionStatusDeleted = "DELETED"
+)
+
+// PermissionStatus_Values returns all elements of the PermissionStatus enum
+func PermissionStatus_Values() []string {
+ return []string{
+ PermissionStatusAttachable,
+ PermissionStatusUnattachable,
+ PermissionStatusDeleting,
+ PermissionStatusDeleted,
+ }
+}
+
+const (
+ // PermissionTypeCustomerManaged is a PermissionType enum value
+ PermissionTypeCustomerManaged = "CUSTOMER_MANAGED"
+
+ // PermissionTypeAwsManaged is a PermissionType enum value
+ PermissionTypeAwsManaged = "AWS_MANAGED"
+)
+
+// PermissionType_Values returns all elements of the PermissionType enum
+func PermissionType_Values() []string {
+ return []string{
+ PermissionTypeCustomerManaged,
+ PermissionTypeAwsManaged,
+ }
+}
+
+const (
+ // PermissionTypeFilterAll is a PermissionTypeFilter enum value
+ PermissionTypeFilterAll = "ALL"
+
+ // PermissionTypeFilterAwsManaged is a PermissionTypeFilter enum value
+ PermissionTypeFilterAwsManaged = "AWS_MANAGED"
+
+ // PermissionTypeFilterCustomerManaged is a PermissionTypeFilter enum value
+ PermissionTypeFilterCustomerManaged = "CUSTOMER_MANAGED"
+)
+
+// PermissionTypeFilter_Values returns all elements of the PermissionTypeFilter enum
+func PermissionTypeFilter_Values() []string {
+ return []string{
+ PermissionTypeFilterAll,
+ PermissionTypeFilterAwsManaged,
+ PermissionTypeFilterCustomerManaged,
+ }
+}
+
+const (
+ // ReplacePermissionAssociationsWorkStatusInProgress is a ReplacePermissionAssociationsWorkStatus enum value
+ ReplacePermissionAssociationsWorkStatusInProgress = "IN_PROGRESS"
+
+ // ReplacePermissionAssociationsWorkStatusCompleted is a ReplacePermissionAssociationsWorkStatus enum value
+ ReplacePermissionAssociationsWorkStatusCompleted = "COMPLETED"
+
+ // ReplacePermissionAssociationsWorkStatusFailed is a ReplacePermissionAssociationsWorkStatus enum value
+ ReplacePermissionAssociationsWorkStatusFailed = "FAILED"
+)
+
+// ReplacePermissionAssociationsWorkStatus_Values returns all elements of the ReplacePermissionAssociationsWorkStatus enum
+func ReplacePermissionAssociationsWorkStatus_Values() []string {
+ return []string{
+ ReplacePermissionAssociationsWorkStatusInProgress,
+ ReplacePermissionAssociationsWorkStatusCompleted,
+ ReplacePermissionAssociationsWorkStatusFailed,
+ }
+}
+
const (
// ResourceOwnerSelf is a ResourceOwner enum value
ResourceOwnerSelf = "SELF"
diff --git a/service/ram/doc.go b/service/ram/doc.go
index 39061b61279..e03cc7267f4 100644
--- a/service/ram/doc.go
+++ b/service/ram/doc.go
@@ -6,12 +6,11 @@
// This is the Resource Access Manager API Reference. This documentation provides
// descriptions and syntax for each of the actions and data types in RAM. RAM
// is a service that helps you securely share your Amazon Web Services resources
-// across Amazon Web Services accounts. If you have multiple Amazon Web Services
-// accounts, you can use RAM to share those resources with other accounts. If
-// you use Organizations to manage your accounts, then you share your resources
-// with your organization or organizational units (OUs). For supported resource
-// types, you can also share resources with individual Identity and Access Management
-// (IAM) roles an users.
+// to other Amazon Web Services accounts. If you use Organizations to manage
+// your accounts, then you can share your resources with your entire organization
+// or to organizational units (OUs). For supported resource types, you can also
+// share resources with individual Identity and Access Management (IAM) roles
+// and users.
//
// To learn more about RAM, see the following resources:
//
diff --git a/service/ram/errors.go b/service/ram/errors.go
index a7dd62c1d7e..940f0322612 100644
--- a/service/ram/errors.go
+++ b/service/ram/errors.go
@@ -11,137 +11,195 @@ const (
// ErrCodeIdempotentParameterMismatchException for service response error code
// "IdempotentParameterMismatchException".
//
- // The client token input parameter was matched one used with a previous call
- // to the operation, but at least one of the other input parameters is different
- // from the previous call.
+ // The operation failed because the client token input parameter matched one
+ // that was used with a previous call to the operation, but at least one of
+ // the other input parameters is different from the previous call.
ErrCodeIdempotentParameterMismatchException = "IdempotentParameterMismatchException"
// ErrCodeInvalidClientTokenException for service response error code
// "InvalidClientTokenException".
//
- // The client token is not valid.
+ // The operation failed because the specified client token isn't valid.
ErrCodeInvalidClientTokenException = "InvalidClientTokenException"
// ErrCodeInvalidMaxResultsException for service response error code
// "InvalidMaxResultsException".
//
- // The specified value for MaxResults is not valid.
+ // The operation failed because the specified value for MaxResults isn't valid.
ErrCodeInvalidMaxResultsException = "InvalidMaxResultsException"
// ErrCodeInvalidNextTokenException for service response error code
// "InvalidNextTokenException".
//
- // The specified value for NextToken is not valid.
+ // The operation failed because the specified value for NextToken isn't valid.
+ // You must specify a value you received in the NextToken response of a previous
+ // call to this operation.
ErrCodeInvalidNextTokenException = "InvalidNextTokenException"
// ErrCodeInvalidParameterException for service response error code
// "InvalidParameterException".
//
- // A parameter is not valid.
+ // The operation failed because a parameter you specified isn't valid.
ErrCodeInvalidParameterException = "InvalidParameterException"
+ // ErrCodeInvalidPolicyException for service response error code
+ // "InvalidPolicyException".
+ //
+ // The operation failed because a policy you specified isn't valid.
+ ErrCodeInvalidPolicyException = "InvalidPolicyException"
+
// ErrCodeInvalidResourceTypeException for service response error code
// "InvalidResourceTypeException".
//
- // The specified resource type is not valid.
+ // The operation failed because the specified resource type isn't valid.
ErrCodeInvalidResourceTypeException = "InvalidResourceTypeException"
// ErrCodeInvalidStateTransitionException for service response error code
// "InvalidStateTransitionException".
//
- // The requested state transition is not valid.
+ // The operation failed because the requested operation isn't valid for the
+ // resource share in its current state.
ErrCodeInvalidStateTransitionException = "InvalidStateTransitionException"
// ErrCodeMalformedArnException for service response error code
// "MalformedArnException".
//
- // The format of an Amazon Resource Name (ARN) is not valid.
+ // The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // has a format that isn't valid.
ErrCodeMalformedArnException = "MalformedArnException"
+ // ErrCodeMalformedPolicyTemplateException for service response error code
+ // "MalformedPolicyTemplateException".
+ //
+ // The operation failed because the policy template that you provided isn't
+ // valid.
+ ErrCodeMalformedPolicyTemplateException = "MalformedPolicyTemplateException"
+
// ErrCodeMissingRequiredParameterException for service response error code
// "MissingRequiredParameterException".
//
- // A required input parameter is missing.
+ // The operation failed because a required input parameter is missing.
ErrCodeMissingRequiredParameterException = "MissingRequiredParameterException"
// ErrCodeOperationNotPermittedException for service response error code
// "OperationNotPermittedException".
//
- // The requested operation is not permitted.
+ // The operation failed because the requested operation isn't permitted.
ErrCodeOperationNotPermittedException = "OperationNotPermittedException"
+ // ErrCodePermissionAlreadyExistsException for service response error code
+ // "PermissionAlreadyExistsException".
+ //
+ // The operation failed because a permission with the specified name already
+ // exists in the requested Amazon Web Services Region. Choose a different name.
+ ErrCodePermissionAlreadyExistsException = "PermissionAlreadyExistsException"
+
+ // ErrCodePermissionLimitExceededException for service response error code
+ // "PermissionLimitExceededException".
+ //
+ // The operation failed because it would exceed the maximum number of permissions
+ // you can create in each Amazon Web Services Region. To view the limits for
+ // your Amazon Web Services account, see the RAM page in the Service Quotas
+ // console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+ ErrCodePermissionLimitExceededException = "PermissionLimitExceededException"
+
+ // ErrCodePermissionVersionsLimitExceededException for service response error code
+ // "PermissionVersionsLimitExceededException".
+ //
+ // The operation failed because it would exceed the limit for the number of
+ // versions you can have for a permission. To view the limits for your Amazon
+ // Web Services account, see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
+ ErrCodePermissionVersionsLimitExceededException = "PermissionVersionsLimitExceededException"
+
// ErrCodeResourceArnNotFoundException for service response error code
// "ResourceArnNotFoundException".
//
- // The specified Amazon Resource Name (ARN) was not found.
+ // The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // was not found.
ErrCodeResourceArnNotFoundException = "ResourceArnNotFoundException"
// ErrCodeResourceShareInvitationAlreadyAcceptedException for service response error code
// "ResourceShareInvitationAlreadyAcceptedException".
//
- // The specified invitation was already accepted.
+ // The operation failed because the specified invitation was already accepted.
ErrCodeResourceShareInvitationAlreadyAcceptedException = "ResourceShareInvitationAlreadyAcceptedException"
// ErrCodeResourceShareInvitationAlreadyRejectedException for service response error code
// "ResourceShareInvitationAlreadyRejectedException".
//
- // The specified invitation was already rejected.
+ // The operation failed because the specified invitation was already rejected.
ErrCodeResourceShareInvitationAlreadyRejectedException = "ResourceShareInvitationAlreadyRejectedException"
// ErrCodeResourceShareInvitationArnNotFoundException for service response error code
// "ResourceShareInvitationArnNotFoundException".
//
- // The specified Amazon Resource Name (ARN) for an invitation was not found.
+ // The operation failed because the specified Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // for an invitation was not found.
ErrCodeResourceShareInvitationArnNotFoundException = "ResourceShareInvitationArnNotFoundException"
// ErrCodeResourceShareInvitationExpiredException for service response error code
// "ResourceShareInvitationExpiredException".
//
- // The specified invitation is expired.
+ // The operation failed because the specified invitation is past its expiration
+ // date and time.
ErrCodeResourceShareInvitationExpiredException = "ResourceShareInvitationExpiredException"
// ErrCodeResourceShareLimitExceededException for service response error code
// "ResourceShareLimitExceededException".
//
- // This request would exceed the limit for resource shares for your account.
+ // The operation failed because it would exceed the limit for resource shares
+ // for your account. To view the limits for your Amazon Web Services account,
+ // see the RAM page in the Service Quotas console (https://console.aws.amazon.com/servicequotas/home/services/ram/quotas).
ErrCodeResourceShareLimitExceededException = "ResourceShareLimitExceededException"
// ErrCodeServerInternalException for service response error code
// "ServerInternalException".
//
- // The service could not respond to the request due to an internal problem.
+ // The operation failed because the service could not respond to the request
+ // due to an internal problem. Try again later.
ErrCodeServerInternalException = "ServerInternalException"
// ErrCodeServiceUnavailableException for service response error code
// "ServiceUnavailableException".
//
- // The service is not available.
+ // The operation failed because the service isn't available. Try again later.
ErrCodeServiceUnavailableException = "ServiceUnavailableException"
// ErrCodeTagLimitExceededException for service response error code
// "TagLimitExceededException".
//
- // This request would exceed the limit for tags for your account.
+ // The operation failed because it would exceed the limit for tags for your
+ // Amazon Web Services account.
ErrCodeTagLimitExceededException = "TagLimitExceededException"
// ErrCodeTagPolicyViolationException for service response error code
// "TagPolicyViolationException".
//
- // The specified tag key is a reserved word and can't be used.
+ // The operation failed because the specified tag key is a reserved word and
+ // can't be used.
ErrCodeTagPolicyViolationException = "TagPolicyViolationException"
// ErrCodeThrottlingException for service response error code
// "ThrottlingException".
//
- // You exceeded the rate at which you are allowed to perform this operation.
- // Please try again later.
+ // The operation failed because it exceeded the rate at which you are allowed
+ // to perform this operation. Please try again later.
ErrCodeThrottlingException = "ThrottlingException"
// ErrCodeUnknownResourceException for service response error code
// "UnknownResourceException".
//
- // A specified resource was not found.
+ // The operation failed because a specified resource couldn't be found.
ErrCodeUnknownResourceException = "UnknownResourceException"
+
+ // ErrCodeUnmatchedPolicyPermissionException for service response error code
+ // "UnmatchedPolicyPermissionException".
+ //
+ // There isn't an existing managed permission defined in RAM that has the same
+ // IAM permissions as the resource-based policy attached to the resource. You
+ // should first run PromotePermissionCreatedFromPolicy to create that managed
+ // permission.
+ ErrCodeUnmatchedPolicyPermissionException = "UnmatchedPolicyPermissionException"
)
var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
@@ -150,11 +208,16 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
"InvalidMaxResultsException": newErrorInvalidMaxResultsException,
"InvalidNextTokenException": newErrorInvalidNextTokenException,
"InvalidParameterException": newErrorInvalidParameterException,
+ "InvalidPolicyException": newErrorInvalidPolicyException,
"InvalidResourceTypeException": newErrorInvalidResourceTypeException,
"InvalidStateTransitionException": newErrorInvalidStateTransitionException,
"MalformedArnException": newErrorMalformedArnException,
+ "MalformedPolicyTemplateException": newErrorMalformedPolicyTemplateException,
"MissingRequiredParameterException": newErrorMissingRequiredParameterException,
"OperationNotPermittedException": newErrorOperationNotPermittedException,
+ "PermissionAlreadyExistsException": newErrorPermissionAlreadyExistsException,
+ "PermissionLimitExceededException": newErrorPermissionLimitExceededException,
+ "PermissionVersionsLimitExceededException": newErrorPermissionVersionsLimitExceededException,
"ResourceArnNotFoundException": newErrorResourceArnNotFoundException,
"ResourceShareInvitationAlreadyAcceptedException": newErrorResourceShareInvitationAlreadyAcceptedException,
"ResourceShareInvitationAlreadyRejectedException": newErrorResourceShareInvitationAlreadyRejectedException,
@@ -167,4 +230,5 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
"TagPolicyViolationException": newErrorTagPolicyViolationException,
"ThrottlingException": newErrorThrottlingException,
"UnknownResourceException": newErrorUnknownResourceException,
+ "UnmatchedPolicyPermissionException": newErrorUnmatchedPolicyPermissionException,
}
diff --git a/service/ram/ramiface/interface.go b/service/ram/ramiface/interface.go
index 7d469128a8a..2dd57fd1dd6 100644
--- a/service/ram/ramiface/interface.go
+++ b/service/ram/ramiface/interface.go
@@ -72,10 +72,26 @@ type RAMAPI interface {
AssociateResourceSharePermissionWithContext(aws.Context, *ram.AssociateResourceSharePermissionInput, ...request.Option) (*ram.AssociateResourceSharePermissionOutput, error)
AssociateResourceSharePermissionRequest(*ram.AssociateResourceSharePermissionInput) (*request.Request, *ram.AssociateResourceSharePermissionOutput)
+ CreatePermission(*ram.CreatePermissionInput) (*ram.CreatePermissionOutput, error)
+ CreatePermissionWithContext(aws.Context, *ram.CreatePermissionInput, ...request.Option) (*ram.CreatePermissionOutput, error)
+ CreatePermissionRequest(*ram.CreatePermissionInput) (*request.Request, *ram.CreatePermissionOutput)
+
+ CreatePermissionVersion(*ram.CreatePermissionVersionInput) (*ram.CreatePermissionVersionOutput, error)
+ CreatePermissionVersionWithContext(aws.Context, *ram.CreatePermissionVersionInput, ...request.Option) (*ram.CreatePermissionVersionOutput, error)
+ CreatePermissionVersionRequest(*ram.CreatePermissionVersionInput) (*request.Request, *ram.CreatePermissionVersionOutput)
+
CreateResourceShare(*ram.CreateResourceShareInput) (*ram.CreateResourceShareOutput, error)
CreateResourceShareWithContext(aws.Context, *ram.CreateResourceShareInput, ...request.Option) (*ram.CreateResourceShareOutput, error)
CreateResourceShareRequest(*ram.CreateResourceShareInput) (*request.Request, *ram.CreateResourceShareOutput)
+ DeletePermission(*ram.DeletePermissionInput) (*ram.DeletePermissionOutput, error)
+ DeletePermissionWithContext(aws.Context, *ram.DeletePermissionInput, ...request.Option) (*ram.DeletePermissionOutput, error)
+ DeletePermissionRequest(*ram.DeletePermissionInput) (*request.Request, *ram.DeletePermissionOutput)
+
+ DeletePermissionVersion(*ram.DeletePermissionVersionInput) (*ram.DeletePermissionVersionOutput, error)
+ DeletePermissionVersionWithContext(aws.Context, *ram.DeletePermissionVersionInput, ...request.Option) (*ram.DeletePermissionVersionOutput, error)
+ DeletePermissionVersionRequest(*ram.DeletePermissionVersionInput) (*request.Request, *ram.DeletePermissionVersionOutput)
+
DeleteResourceShare(*ram.DeleteResourceShareInput) (*ram.DeleteResourceShareOutput, error)
DeleteResourceShareWithContext(aws.Context, *ram.DeleteResourceShareInput, ...request.Option) (*ram.DeleteResourceShareOutput, error)
DeleteResourceShareRequest(*ram.DeleteResourceShareInput) (*request.Request, *ram.DeleteResourceShareOutput)
@@ -131,6 +147,13 @@ type RAMAPI interface {
ListPendingInvitationResourcesPages(*ram.ListPendingInvitationResourcesInput, func(*ram.ListPendingInvitationResourcesOutput, bool) bool) error
ListPendingInvitationResourcesPagesWithContext(aws.Context, *ram.ListPendingInvitationResourcesInput, func(*ram.ListPendingInvitationResourcesOutput, bool) bool, ...request.Option) error
+ ListPermissionAssociations(*ram.ListPermissionAssociationsInput) (*ram.ListPermissionAssociationsOutput, error)
+ ListPermissionAssociationsWithContext(aws.Context, *ram.ListPermissionAssociationsInput, ...request.Option) (*ram.ListPermissionAssociationsOutput, error)
+ ListPermissionAssociationsRequest(*ram.ListPermissionAssociationsInput) (*request.Request, *ram.ListPermissionAssociationsOutput)
+
+ ListPermissionAssociationsPages(*ram.ListPermissionAssociationsInput, func(*ram.ListPermissionAssociationsOutput, bool) bool) error
+ ListPermissionAssociationsPagesWithContext(aws.Context, *ram.ListPermissionAssociationsInput, func(*ram.ListPermissionAssociationsOutput, bool) bool, ...request.Option) error
+
ListPermissionVersions(*ram.ListPermissionVersionsInput) (*ram.ListPermissionVersionsOutput, error)
ListPermissionVersionsWithContext(aws.Context, *ram.ListPermissionVersionsInput, ...request.Option) (*ram.ListPermissionVersionsOutput, error)
ListPermissionVersionsRequest(*ram.ListPermissionVersionsInput) (*request.Request, *ram.ListPermissionVersionsOutput)
@@ -152,6 +175,13 @@ type RAMAPI interface {
ListPrincipalsPages(*ram.ListPrincipalsInput, func(*ram.ListPrincipalsOutput, bool) bool) error
ListPrincipalsPagesWithContext(aws.Context, *ram.ListPrincipalsInput, func(*ram.ListPrincipalsOutput, bool) bool, ...request.Option) error
+ ListReplacePermissionAssociationsWork(*ram.ListReplacePermissionAssociationsWorkInput) (*ram.ListReplacePermissionAssociationsWorkOutput, error)
+ ListReplacePermissionAssociationsWorkWithContext(aws.Context, *ram.ListReplacePermissionAssociationsWorkInput, ...request.Option) (*ram.ListReplacePermissionAssociationsWorkOutput, error)
+ ListReplacePermissionAssociationsWorkRequest(*ram.ListReplacePermissionAssociationsWorkInput) (*request.Request, *ram.ListReplacePermissionAssociationsWorkOutput)
+
+ ListReplacePermissionAssociationsWorkPages(*ram.ListReplacePermissionAssociationsWorkInput, func(*ram.ListReplacePermissionAssociationsWorkOutput, bool) bool) error
+ ListReplacePermissionAssociationsWorkPagesWithContext(aws.Context, *ram.ListReplacePermissionAssociationsWorkInput, func(*ram.ListReplacePermissionAssociationsWorkOutput, bool) bool, ...request.Option) error
+
ListResourceSharePermissions(*ram.ListResourceSharePermissionsInput) (*ram.ListResourceSharePermissionsOutput, error)
ListResourceSharePermissionsWithContext(aws.Context, *ram.ListResourceSharePermissionsInput, ...request.Option) (*ram.ListResourceSharePermissionsOutput, error)
ListResourceSharePermissionsRequest(*ram.ListResourceSharePermissionsInput) (*request.Request, *ram.ListResourceSharePermissionsOutput)
@@ -173,6 +203,10 @@ type RAMAPI interface {
ListResourcesPages(*ram.ListResourcesInput, func(*ram.ListResourcesOutput, bool) bool) error
ListResourcesPagesWithContext(aws.Context, *ram.ListResourcesInput, func(*ram.ListResourcesOutput, bool) bool, ...request.Option) error
+ PromotePermissionCreatedFromPolicy(*ram.PromotePermissionCreatedFromPolicyInput) (*ram.PromotePermissionCreatedFromPolicyOutput, error)
+ PromotePermissionCreatedFromPolicyWithContext(aws.Context, *ram.PromotePermissionCreatedFromPolicyInput, ...request.Option) (*ram.PromotePermissionCreatedFromPolicyOutput, error)
+ PromotePermissionCreatedFromPolicyRequest(*ram.PromotePermissionCreatedFromPolicyInput) (*request.Request, *ram.PromotePermissionCreatedFromPolicyOutput)
+
PromoteResourceShareCreatedFromPolicy(*ram.PromoteResourceShareCreatedFromPolicyInput) (*ram.PromoteResourceShareCreatedFromPolicyOutput, error)
PromoteResourceShareCreatedFromPolicyWithContext(aws.Context, *ram.PromoteResourceShareCreatedFromPolicyInput, ...request.Option) (*ram.PromoteResourceShareCreatedFromPolicyOutput, error)
PromoteResourceShareCreatedFromPolicyRequest(*ram.PromoteResourceShareCreatedFromPolicyInput) (*request.Request, *ram.PromoteResourceShareCreatedFromPolicyOutput)
@@ -181,6 +215,14 @@ type RAMAPI interface {
RejectResourceShareInvitationWithContext(aws.Context, *ram.RejectResourceShareInvitationInput, ...request.Option) (*ram.RejectResourceShareInvitationOutput, error)
RejectResourceShareInvitationRequest(*ram.RejectResourceShareInvitationInput) (*request.Request, *ram.RejectResourceShareInvitationOutput)
+ ReplacePermissionAssociations(*ram.ReplacePermissionAssociationsInput) (*ram.ReplacePermissionAssociationsOutput, error)
+ ReplacePermissionAssociationsWithContext(aws.Context, *ram.ReplacePermissionAssociationsInput, ...request.Option) (*ram.ReplacePermissionAssociationsOutput, error)
+ ReplacePermissionAssociationsRequest(*ram.ReplacePermissionAssociationsInput) (*request.Request, *ram.ReplacePermissionAssociationsOutput)
+
+ SetDefaultPermissionVersion(*ram.SetDefaultPermissionVersionInput) (*ram.SetDefaultPermissionVersionOutput, error)
+ SetDefaultPermissionVersionWithContext(aws.Context, *ram.SetDefaultPermissionVersionInput, ...request.Option) (*ram.SetDefaultPermissionVersionOutput, error)
+ SetDefaultPermissionVersionRequest(*ram.SetDefaultPermissionVersionInput) (*request.Request, *ram.SetDefaultPermissionVersionOutput)
+
TagResource(*ram.TagResourceInput) (*ram.TagResourceOutput, error)
TagResourceWithContext(aws.Context, *ram.TagResourceInput, ...request.Option) (*ram.TagResourceOutput, error)
TagResourceRequest(*ram.TagResourceInput) (*request.Request, *ram.TagResourceOutput)
diff --git a/service/rds/api.go b/service/rds/api.go
index 771d84902d4..caa8f119b2c 100644
--- a/service/rds/api.go
+++ b/service/rds/api.go
@@ -18793,8 +18793,12 @@ type CreateCustomDBEngineVersionInput struct {
// EngineVersion is a required field
EngineVersion *string `min:"1" type:"string" required:"true"`
- // The ID of the AMI. An AMI ID is required to create a CEV for RDS Custom for
- // SQL Server.
+ // The ID of the Amazon Machine Image (AMI). For RDS Custom for SQL Server,
+ // an AMI ID is required to create a CEV. For RDS Custom for Oracle, the default
+ // is the most recent AMI available, but you can specify an AMI ID that was
+ // used in a different Oracle CEV. Find the AMIs used by your CEVs by calling
+ // the DescribeDBEngineVersions (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBEngineVersions.html)
+ // operation.
ImageId *string `min:"1" type:"string"`
// The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric
@@ -20652,11 +20656,11 @@ type CreateDBClusterParameterGroupInput struct {
//
// Aurora MySQL
//
- // Example: aurora5.6, aurora-mysql5.7, aurora-mysql8.0
+ // Example: aurora-mysql5.7, aurora-mysql8.0
//
// Aurora PostgreSQL
//
- // Example: aurora-postgresql9.6
+ // Example: aurora-postgresql14
//
// RDS for MySQL
//
@@ -20682,9 +20686,7 @@ type CreateDBClusterParameterGroupInput struct {
//
// The following are the valid DB engine values:
//
- // * aurora (for MySQL 5.6-compatible Aurora)
- //
- // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
+ // * aurora-mysql
//
// * aurora-postgresql
//
@@ -21398,11 +21400,9 @@ type CreateDBInstanceInput struct {
//
// Valid Values:
//
- // * aurora (for MySQL 5.6-compatible Aurora)
+ // * aurora-mysql (for Aurora MySQL DB instances)
//
- // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
- //
- // * aurora-postgresql
+ // * aurora-postgresql (for Aurora PostgreSQL DB instances)
//
// * custom-oracle-ee (for RDS Custom for Oracle DB instances)
//
@@ -23195,9 +23195,7 @@ type CreateDBParameterGroupInput struct {
//
// The following are the valid DB engine values:
//
- // * aurora (for MySQL 5.6-compatible Aurora)
- //
- // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
+ // * aurora-mysql
//
// * aurora-postgresql
//
@@ -26728,14 +26726,11 @@ type DBInstance struct {
// True if mapping of Amazon Web Services Identity and Access Management (IAM)
// accounts to database accounts is enabled, and otherwise false.
//
- // IAM database authentication can be enabled for the following database engines
- //
- // * For MySQL 5.6, minor version 5.6.34 or higher
+ // IAM database authentication can be enabled for the following database engines:
//
- // * For MySQL 5.7, minor version 5.7.16 or higher
+ // * For MySQL 5.7, minor version 5.7.16 or higher.
//
- // * Aurora 5.6 or higher. To enable IAM database authentication for Aurora,
- // see DBCluster Type.
+ // * For Amazon Aurora, all versions of Aurora MySQL and Aurora PostgreSQL.
IAMDatabaseAuthenticationEnabled *bool `type:"boolean"`
// Provides the date and time the DB instance was created.
@@ -32748,10 +32743,12 @@ type DescribeDBEngineVersionsInput struct {
//
// Valid Values:
//
- // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
+ // * aurora-mysql
//
// * aurora-postgresql
//
+ // * custom-oracle-ee
+ //
// * mariadb
//
// * mysql
@@ -35103,8 +35100,6 @@ type DescribeEngineDefaultParametersInput struct {
//
// Valid Values:
//
- // * aurora5.6
- //
// * aurora-mysql5.7
//
// * aurora-mysql8.0
@@ -36415,10 +36410,12 @@ type DescribeOrderableDBInstanceOptionsInput struct {
//
// Valid Values:
//
- // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
+ // * aurora-mysql
//
// * aurora-postgresql
//
+ // * custom-oracle-ee
+ //
// * mariadb
//
// * mysql
@@ -40354,16 +40351,11 @@ type ModifyDBClusterInput struct {
// must be running an engine version that's the same or later than the version
// you specify.
//
- // To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible)
- // and version 3 (MySQL 8.0-compatible), use the following command:
+ // To list all of the available engine versions for Aurora MySQL, use the following
+ // command:
//
// aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"
//
- // To list all of the available engine versions for MySQL 5.6-compatible Aurora,
- // use the following command:
- //
- // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion"
- //
// To list all of the available engine versions for Aurora PostgreSQL, use the
// following command:
//
@@ -43351,20 +43343,14 @@ type ModifyGlobalClusterInput struct {
// this parameter results in an outage. The change is applied during the next
// maintenance window unless ApplyImmediately is enabled.
//
- // To list all of the available engine versions for aurora (for MySQL 5.6-compatible
- // Aurora), use the following command:
- //
- // aws rds describe-db-engine-versions --engine aurora --query '*[]|[?SupportsGlobalDatabases
- // == `true`].[EngineVersion]'
- //
- // To list all of the available engine versions for aurora-mysql (for MySQL
- // 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:
+ // To list all of the available engine versions for aurora-mysql (for MySQL-based
+ // Aurora global databases), use the following command:
//
// aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases
// == `true`].[EngineVersion]'
//
- // To list all of the available engine versions for aurora-postgresql, use the
- // following command:
+ // To list all of the available engine versions for aurora-postgresql (for PostgreSQL-based
+ // Aurora global databases), use the following command:
//
// aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases
// == `true`].[EngineVersion]'
@@ -47078,7 +47064,8 @@ type RestoreDBClusterFromS3Input struct {
DBClusterIdentifier *string `type:"string" required:"true"`
// The name of the DB cluster parameter group to associate with the restored
- // DB cluster. If this argument is omitted, default.aurora5.6 is used.
+ // DB cluster. If this argument is omitted, the default parameter group for
+ // the engine version is used.
//
// Constraints:
//
@@ -47135,16 +47122,15 @@ type RestoreDBClusterFromS3Input struct {
// The name of the database engine to be used for this DB cluster.
//
- // Valid Values: aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible
- // Aurora)
+ // Valid Values: aurora-mysql (for Aurora MySQL)
//
// Engine is a required field
Engine *string `type:"string" required:"true"`
// The version number of the database engine to use.
//
- // To list all of the available engine versions for aurora-mysql (MySQL 5.7-compatible
- // and MySQL 8.0-compatible Aurora), use the following command:
+ // To list all of the available engine versions for aurora-mysql (Aurora MySQL),
+ // use the following command:
//
// aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"
//
@@ -47814,8 +47800,7 @@ type RestoreDBClusterFromSnapshotInput struct {
// Engine is a required field
Engine *string `type:"string" required:"true"`
- // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery,
- // global, or multimaster.
+ // The DB engine mode of the DB cluster, either provisioned or serverless.
//
// For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html).
//
@@ -47826,8 +47811,8 @@ type RestoreDBClusterFromSnapshotInput struct {
// don't specify an engine version, the default version for the database engine
// in the Amazon Web Services Region is used.
//
- // To list all of the available engine versions for MySQL 5.7-compatible and
- // MySQL 8.0-compatible Aurora, use the following command:
+ // To list all of the available engine versions for Aurora MySQL, use the following
+ // command:
//
// aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"
//
@@ -48558,9 +48543,6 @@ type RestoreDBClusterToPointInTimeInput struct {
// * copy-on-write - The new DB cluster is restored as a clone of the source
// DB cluster.
//
- // Constraints: You can't specify copy-on-write if the engine version of the
- // source DB cluster is earlier than 1.11.
- //
// If you don't specify a RestoreType value, then the new DB cluster is restored
// as a full copy of the source DB cluster.
//
diff --git a/service/rds/examples_test.go b/service/rds/examples_test.go
index 92590fe2c90..5f5d577c24f 100644
--- a/service/rds/examples_test.go
+++ b/service/rds/examples_test.go
@@ -556,8 +556,8 @@ func ExampleRDS_CreateBlueGreenDeployment_shared01() {
fmt.Println(result)
}
-// To create a MySQL 5.7--compatible DB cluster
-// The following example create a MySQL 5.7-compatible DB cluster.
+// To create a MySQL 5.7-compatible DB cluster
+// The following example creates a MySQL 5.7-compatible Aurora DB cluster.
func ExampleRDS_CreateDBCluster_shared00() {
svc := rds.New(session.New())
input := &rds.CreateDBClusterInput{
@@ -626,8 +626,8 @@ func ExampleRDS_CreateDBCluster_shared00() {
fmt.Println(result)
}
-// To create a PostgreSQL--compatible DB cluster
-// The following creates a PostgreSQL-compatible DB cluster.
+// To create a PostgreSQL-compatible DB cluster
+// The following example creates a PostgreSQL-compatible Aurora DB cluster.
func ExampleRDS_CreateDBCluster_shared01() {
svc := rds.New(session.New())
input := &rds.CreateDBClusterInput{
@@ -3099,7 +3099,7 @@ func ExampleRDS_ModifyDBClusterSnapshotAttribute_shared00() {
fmt.Println(result)
}
-// To modify parameters in a DB cluster parameter group
+// To modify a DB instance
// The following example associates an option group and a parameter group with a compatible
// Microsoft SQL Server DB instance. The ApplyImmediately parameter causes the option
// and parameter groups to be associated immediately, instead of waiting until the next
diff --git a/service/s3/api.go b/service/s3/api.go
index 66773d4aa2d..594fd3fe5ca 100644
--- a/service/s3/api.go
+++ b/service/s3/api.go
@@ -186,15 +186,9 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput)
// to complete. After Amazon S3 begins processing the request, it sends an HTTP
// response header that specifies a 200 OK response. While processing is in
// progress, Amazon S3 periodically sends white space characters to keep the
-// connection from timing out. A request could fail after the initial 200 OK
-// response has been sent. This means that a 200 OK response can contain either
-// a success or an error. If you call the S3 API directly, make sure to design
-// your application to parse the contents of the response and handle it appropriately.
-// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs
-// detect the embedded error and apply error handling per your configuration
-// settings (including automatically retrying the request as appropriate). If
-// the condition persists, the SDKs throws an exception (or, for the SDKs that
-// don't use exceptions, they return the error).
+// connection from timing out. Because a request could fail after the initial
+// 200 OK response has been sent, it is important that you check the response
+// body to determine whether the request succeeded.
//
// Note that if CompleteMultipartUpload fails, applications should be prepared
// to retry the failed requests. For more information, see Amazon S3 Error Best
@@ -330,13 +324,8 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou
// action starts, you receive a standard Amazon S3 error. If the error occurs
// during the copy operation, the error response is embedded in the 200 OK response.
// This means that a 200 OK response can contain either a success or an error.
-// If you call the S3 API directly, make sure to design your application to
-// parse the contents of the response and handle it appropriately. If you use
-// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the
-// embedded error and apply error handling per your configuration settings (including
-// automatically retrying the request as appropriate). If the condition persists,
-// the SDKs throws an exception (or, for the SDKs that don't use exceptions,
-// they return the error).
+// Design your application to parse the contents of the response and handle
+// it appropriately.
//
// If the copy is successful, you receive a response with information about
// the copied object.
@@ -371,9 +360,6 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou
// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
//
-// x-amz-website-redirect-location is unique to each object and must be specified
-// in the request headers to copy the value.
-//
// x-amz-copy-source-if Headers
//
// To only copy an object under certain conditions, such as whether the Etag
@@ -409,27 +395,13 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou
//
// # Server-side encryption
//
-// Amazon S3 automatically encrypts all new objects that are copied to an S3
-// bucket. When copying an object, if you don't specify encryption information
-// in your copy request, the encryption setting of the target object is set
-// to the default encryption configuration of the destination bucket. By default,
-// all buckets have a base level of encryption configuration that uses server-side
-// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket
-// has a default encryption configuration that uses server-side encryption with
-// an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption
-// key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided
-// key to encrypt the target object copy. When you perform a CopyObject operation,
-// if you want to use a different type of encryption setting for the target
-// object, you can use other appropriate encryption-related headers to encrypt
-// the target object with a KMS key, an Amazon S3 managed key, or a customer-provided
-// key. With server-side encryption, Amazon S3 encrypts your data as it writes
-// it to disks in its data centers and decrypts the data when you access it.
-// If the encryption setting in your request is different from the default encryption
-// configuration of the destination bucket, the encryption setting in your request
-// takes precedence. If the source object for the copy is stored in Amazon S3
-// using SSE-C, you must provide the necessary encryption information in your
-// request so that Amazon S3 can decrypt the object for copying. For more information
-// about server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
+// When you perform a CopyObject operation, you can optionally use the appropriate
+// encryption-related headers to encrypt the object using server-side encryption
+// with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a
+// customer-provided encryption key. With server-side encryption, Amazon S3
+// encrypts your data as it writes it to disks in its data centers and decrypts
+// the data when you access it. For more information about server-side encryption,
+// see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
//
// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the
// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
@@ -791,40 +763,22 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re
// parts and stop charging you for storing them only after you either complete
// or abort a multipart upload.
//
-// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
-// your data as it writes it to disks in its data centers and decrypts it when
-// you access it. Amazon S3 automatically encrypts all new objects that are
-// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify
-// encryption information in your request, the encryption setting of the uploaded
-// parts is set to the default encryption configuration of the destination bucket.
-// By default, all buckets have a base level of encryption configuration that
-// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the
-// destination bucket has a default encryption configuration that uses server-side
-// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
-// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided
-// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload
-// operation, if you want to use a different type of encryption setting for
-// the uploaded parts, you can request that Amazon S3 encrypts the object with
-// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption
-// setting in your request is different from the default encryption configuration
-// of the destination bucket, the encryption setting in your request takes precedence.
+// You can optionally request server-side encryption. For server-side encryption,
+// Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts it when you access it. You can provide your own encryption key,
+// or use Amazon Web Services KMS keys or Amazon S3-managed encryption keys.
// If you choose to provide your own encryption key, the request headers you
// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
// requests must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload. you can request that Amazon S3 save the uploaded
-// parts encrypted with server-side encryption with an Amazon S3 managed key
-// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
-// encryption key (SSE-C).
+// by using CreateMultipartUpload.
//
-// To perform a multipart upload with encryption by using an Amazon Web Services
+// To perform a multipart upload with encryption using an Amazon Web Services
// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey*
// actions on the key. These permissions are required because Amazon S3 must
// decrypt and read data from the encrypted file parts before it completes the
// multipart upload. For more information, see Multipart upload API and permissions
// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
-// and Protecting data using server-side encryption with Amazon Web Services
-// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
// in the Amazon S3 User Guide.
//
// If your Identity and Access Management (IAM) user or role is in the same
@@ -854,35 +808,32 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re
//
// # Server-Side- Encryption-Specific Request Headers
//
-// Amazon S3 encrypts data by using server-side encryption with an Amazon S3
-// managed key (SSE-S3) by default. Server-side encryption is for data encryption
-// at rest. Amazon S3 encrypts your data as it writes it to disks in its data
-// centers and decrypts it when you access it. You can request that Amazon S3
-// encrypts data at rest by using server-side encryption with other key options.
-// The option you use depends on whether you want to use KMS keys (SSE-KMS)
-// or provide your own encryption keys (SSE-C).
-//
-// - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed
-// key (aws/s3) and KMS customer managed keys stored in Key Management Service
-// (KMS) – If you want Amazon Web Services to manage the keys used to encrypt
+// You can optionally tell Amazon S3 to encrypt data at rest using server-side
+// encryption. Server-side encryption is for data encryption at rest. Amazon
+// S3 encrypts your data as it writes it to disks in its data centers and decrypts
+// it when you access it. The option you use depends on whether you want to
+// use Amazon Web Services managed encryption keys or provide your own encryption
+// key.
+//
+// - Use encryption keys managed by Amazon S3 or customer managed key stored
+// in Amazon Web Services Key Management Service (Amazon Web Services KMS)
+// – If you want Amazon Web Services to manage the keys used to encrypt
// data, specify the following headers in the request. x-amz-server-side-encryption
// x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context
// If you specify x-amz-server-side-encryption:aws:kms, but don't provide
// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon
-// Web Services managed key (aws/s3 key) in KMS to protect the data. All
-// GET and PUT requests for an object protected by KMS fail if you don't
-// make them by using Secure Sockets Layer (SSL), Transport Layer Security
-// (TLS), or Signature Version 4. For more information about server-side
-// encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side
-// Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html).
-//
-// - Use customer-provided encryption keys (SSE-C) – If you want to manage
-// your own encryption keys, provide all the following headers in the request.
+// Web Services managed key in Amazon Web Services KMS to protect the data.
+// All GET and PUT requests for an object protected by Amazon Web Services
+// KMS fail if you don't make them with SSL or by using SigV4. For more information
+// about server-side encryption with KMS key (SSE-KMS), see Protecting Data
+// Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
+//
+// - Use customer-provided encryption keys – If you want to manage your
+// own encryption keys, provide all the following headers in the request.
// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key
// x-amz-server-side-encryption-customer-key-MD5 For more information about
-// server-side encryption with customer-provided encryption keys (SSE-C),
-// see Protecting data using server-side encryption with customer-provided
-// encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+// server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using
+// Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
//
// # Access-Control-List (ACL)-Specific Request Headers
//
@@ -1266,10 +1217,9 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (
// DeleteBucketEncryption API operation for Amazon Simple Storage Service.
//
-// This implementation of the DELETE action resets the default encryption for
-// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).
-// For information about the bucket default encryption feature, see Amazon S3
-// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// This implementation of the DELETE action removes default encryption from
+// the bucket. For information about the Amazon S3 default encryption feature,
+// see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon S3 User Guide.
//
// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration
@@ -2191,10 +2141,10 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request
// null version, Amazon S3 does not remove any objects but will still respond
// that the command was successful.
//
-// To remove a specific version, you must use the version Id subresource. Using
-// this subresource permanently deletes the version. If the object deleted is
-// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker,
-// to true.
+// To remove a specific version, you must be the bucket owner and you must use
+// the version Id subresource. Using this subresource permanently deletes the
+// version. If the object deleted is a delete marker, Amazon S3 sets the response
+// header, x-amz-delete-marker, to true.
//
// If the object you want to delete is in a bucket where the bucket versioning
// configuration is MFA Delete enabled, you must include the x-amz-mfa request
@@ -2296,7 +2246,7 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r
// in the request. You will need permission for the s3:DeleteObjectVersionTagging
// action.
//
-// The following operations are related to DeleteObjectTagging:
+// The following operations are related to DeleteBucketMetricsConfiguration:
//
// - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
//
@@ -2684,9 +2634,6 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request
// is granted to the anonymous user, you can return the ACL of the bucket without
// using an authorization header.
//
-// To use this API against an access point, provide the alias of the access
-// point in place of the bucket name.
-//
// If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
// requests to read ACLs are still supported and return the bucket-owner-full-control
// ACL with the owner being the account that created the bucket. For more information,
@@ -2868,9 +2815,6 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque
// action. By default, the bucket owner has this permission and can grant it
// to others.
//
-// To use this API against an access point, provide the alias of the access
-// point in place of the bucket name.
-//
// For more information about CORS, see Enabling Cross-Origin Resource Sharing
// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).
//
@@ -2951,12 +2895,12 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r
// GetBucketEncryption API operation for Amazon Simple Storage Service.
//
-// Returns the default encryption configuration for an Amazon S3 bucket. By
-// default, all buckets have a default encryption configuration that uses server-side
-// encryption with Amazon S3 managed keys (SSE-S3). For information about the
-// bucket default encryption feature, see Amazon S3 Bucket Default Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
-// in the Amazon S3 User Guide.
+// Returns the default encryption configuration for an Amazon S3 bucket. If
+// the bucket does not have a default encryption configuration, GetBucketEncryption
+// returns ServerSideEncryptionConfigurationNotFoundError.
+//
+// For information about the Amazon S3 default encryption feature, see Amazon
+// S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).
//
// To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration
// action. The bucket owner has this permission by default. The bucket owner
@@ -3449,10 +3393,6 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque
// To use this API against an access point, provide the alias of the access
// point in place of the bucket name.
//
-// For requests made using Amazon Web Services Signature Version 4 (SigV4),
-// we recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html)
-// to return the bucket Region instead of GetBucketLocation.
-//
// The following operations are related to GetBucketLocation:
//
// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
@@ -3531,7 +3471,7 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request
// GetBucketLogging API operation for Amazon Simple Storage Service.
//
// Returns the logging status of a bucket and the permissions users have to
-// view and modify that status.
+// view and modify that status. To use GET, you must be the bucket owner.
//
// The following operations are related to GetBucketLogging:
//
@@ -3795,9 +3735,6 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat
// to other users to read this configuration with the s3:GetBucketNotification
// permission.
//
-// To use this API against an access point, provide the alias of the access
-// point in place of the bucket name.
-//
// For more information about setting and reading the notification configuration
// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
// For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
@@ -3975,9 +3912,6 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R
// that owns a bucket can always use this operation, even if the policy explicitly
// denies the root user the ability to perform this action.
//
-// To use this API against an access point, provide the alias of the access
-// point in place of the bucket name.
-//
// For more information about bucket policies, see Using Bucket Policies and
// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
//
@@ -4608,7 +4542,7 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp
// Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering
// Deep Archive tiers, before you can retrieve the object you must first restore
// a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
-// Otherwise, this action returns an InvalidObjectState error. For information
+// Otherwise, this action returns an InvalidObjectStateError error. For information
// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
//
// Encryption request headers, like x-amz-server-side-encryption, should not
@@ -4655,9 +4589,7 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp
//
// - If you supply a versionId, you need the s3:GetObjectVersion permission
// to access a specific version of an object. If you request a specific version,
-// you do not need to have the s3:GetObject permission. If you request the
-// current version without a specific version ID, only s3:GetObject permission
-// is required. s3:GetObjectVersion permission won't be required.
+// you do not need to have the s3:GetObject permission.
//
// - If the current version of the object is a delete marker, Amazon S3 behaves
// as if the object was deleted and includes x-amz-delete-marker: true in
@@ -4903,9 +4835,10 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r
// This action is useful if you're interested only in an object's metadata.
// To use GetObjectAttributes, you must have READ access to the object.
//
-// GetObjectAttributes combines the functionality of HeadObject and ListParts.
-// All of the data returned with each of those individual calls can be returned
-// with a single call to GetObjectAttributes.
+// GetObjectAttributes combines the functionality of GetObjectAcl, GetObjectLegalHold,
+// GetObjectLockConfiguration, GetObjectRetention, GetObjectTagging, HeadObject,
+// and ListParts. All of the data returned with each of those individual calls
+// can be returned with a single call to GetObjectAttributes.
//
// If you encrypt an object by using server-side encryption with customer-provided
// encryption keys (SSE-C) when you store the object in Amazon S3, then when
@@ -4924,9 +4857,9 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r
// - Encryption request headers, such as x-amz-server-side-encryption, should
// not be sent for GET requests if your object uses server-side encryption
// with Amazon Web Services KMS keys stored in Amazon Web Services Key Management
-// Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys
-// (SSE-S3). If your object does use these types of keys, you'll get an HTTP
-// 400 Bad Request error.
+// Service (SSE-KMS) or server-side encryption with Amazon S3 managed encryption
+// keys (SSE-S3). If your object does use these types of keys, you'll get
+// an HTTP 400 Bad Request error.
//
// - The last modified property in this case is the creation date of the
// object.
@@ -5393,7 +5326,8 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request
// GetObjectTorrent API operation for Amazon Simple Storage Service.
//
// Returns torrent files from a bucket. BitTorrent can save you bandwidth when
-// you're distributing large files.
+// you're distributing large files. For more information about BitTorrent, see
+// Using BitTorrent with Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html).
//
// You can get torrent only for objects that are less than 5 GB in size, and
// that are not encrypted using server-side encryption with a customer-provided
@@ -5580,9 +5514,9 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou
// permission to access it.
//
// If the bucket does not exist or you do not have permission to access it,
-// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404
-// Not Found code. A message body is not included, so you cannot determine the
-// exception beyond these error codes.
+// the HEAD request returns a generic 404 Not Found or 403 Forbidden code. A
+// message body is not included, so you cannot determine the exception beyond
+// these error codes.
//
// To use this operation, you must have permissions to perform the s3:ListBucket
// action. The bucket owner has this permission by default and can grant this
@@ -5679,9 +5613,9 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou
//
// A HEAD request has the same options as a GET action on an object. The response
// is identical to the GET response except that there is no response body. Because
-// of this, if the HEAD request generates an error, it returns a generic 400
-// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve
-// the exact exception beyond these error codes.
+// of this, if the HEAD request generates an error, it returns a generic 404
+// Not Found or 403 Forbidden code. It is not possible to retrieve the exact
+// exception beyond these error codes.
//
// If you encrypt an object by using server-side encryption with customer-provided
// encryption keys (SSE-C) when you store the object in Amazon S3, then when
@@ -6214,9 +6148,6 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request,
// Returns a list of all buckets owned by the authenticated sender of the request.
// To use this operation, you must have the s3:ListAllMyBuckets permission.
//
-// For information about Amazon S3 buckets, see Creating, configuring, and working
-// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html).
-//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -7277,7 +7208,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request
// xsi:type="Group"><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
//
// - By Email address: <>Grantees@email.com<>&
+// xsi:type="AmazonCustomerByEmail"><>Grantees@email.com<>lt;/Grantee>
// The grantee is resolved to the CanonicalUser and, in a response to a GET
// Object acl request, appears as the CanonicalUser. Using email addresses
// to specify a grantee is only supported in the following Amazon Web Services
@@ -7610,15 +7541,15 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r
// PutBucketEncryption API operation for Amazon Simple Storage Service.
//
// This action uses the encryption subresource to configure default encryption
-// and Amazon S3 Bucket Keys for an existing bucket.
-//
-// By default, all buckets have a default encryption configuration that uses
-// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally
-// configure default encryption for a bucket by using server-side encryption
-// with an Amazon Web Services KMS key (SSE-KMS) or a customer-provided key
-// (SSE-C). If you specify default encryption by using SSE-KMS, you can also
-// configure Amazon S3 Bucket Keys. For information about bucket default encryption,
-// see Amazon S3 bucket default encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// and Amazon S3 Bucket Key for an existing bucket.
+//
+// Default encryption for a bucket can use server-side encryption with Amazon
+// S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify
+// default encryption using SSE-KMS, you can also configure Amazon S3 Bucket
+// Key. When the default encryption is SSE-KMS, if you upload an object to the
+// bucket and do not specify the KMS key to use for encryption, Amazon S3 uses
+// the default Amazon Web Services managed KMS key for your account. For information
+// about default encryption, see Amazon S3 default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see
// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
// in the Amazon S3 User Guide.
@@ -7849,26 +7780,11 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon
// an example policy, see Granting Permissions for Amazon S3 Inventory and Storage
// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
//
-// # Permissions
-//
-// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration
+// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration
// action. The bucket owner has this permission by default and can grant this
-// permission to others.
-//
-// The s3:PutInventoryConfiguration permission allows a user to create an S3
-// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
-// report that includes all object metadata fields available and to specify
-// the destination bucket to store the inventory. A user with read access to
-// objects in the destination bucket can also access all object metadata fields
-// that are available in the inventory report.
-//
-// To restrict access to an inventory report, see Restricting access to an Amazon
-// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
-// in the Amazon S3 User Guide. For more information about the metadata fields
-// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
-// in the Amazon S3 User Guide. For more information about permissions, see
-// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
// in the Amazon S3 User Guide.
//
// Special Errors
@@ -9477,14 +9393,12 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp
// add an object to it.
//
// Amazon S3 never adds partial objects; if you receive a success response,
-// Amazon S3 added the entire object to the bucket. You cannot use PutObject
-// to only update a single piece of metadata for an existing object. You must
-// put the entire object with updated metadata if you want to update some values.
+// Amazon S3 added the entire object to the bucket.
//
// Amazon S3 is a distributed system. If it receives multiple write requests
// for the same object simultaneously, it overwrites all but the last object
-// written. To prevent objects from being deleted or overwritten, you can use
-// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+// written. Amazon S3 does not provide object locking; if you need this, make
+// sure to build it into your application layer or use versioning instead.
//
// To ensure that data is not corrupted traversing the network, use the Content-MD5
// header. When you use this header, Amazon S3 checks the object against the
@@ -9498,29 +9412,34 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp
// - To successfully change the objects acl of your PutObject request, you
// must have the s3:PutObjectAcl in your IAM permissions.
//
-// - To successfully set the tag-set with your PutObject request, you must
-// have the s3:PutObjectTagging in your IAM permissions.
-//
// - The Content-MD5 header is required for any request to upload an object
// with a retention period configured using Amazon S3 Object Lock. For more
// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
// in the Amazon S3 User Guide.
//
-// You have three mutually exclusive options to protect data using server-side
-// encryption in Amazon S3, depending on how you choose to manage the encryption
-// keys. Specifically, the encryption key options are Amazon S3 managed keys
-// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and customer-provided keys
-// (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon
-// S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to
-// encrypt data at by rest using server-side encryption with other key options.
-// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
-//
-// When adding a new object, you can use headers to grant ACL-based permissions
-// to individual Amazon Web Services accounts or to predefined groups defined
-// by Amazon S3. These permissions are then added to the ACL on the object.
-// By default, all objects are private. Only the owner has full access control.
-// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// # Server-side Encryption
+//
+// You can optionally request server-side encryption. With server-side encryption,
+// Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts the data when you access it. You have the option to provide
+// your own encryption key or use Amazon Web Services managed encryption keys
+// (SSE-S3 or SSE-KMS). For more information, see Using Server-Side Encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
+//
+// If you request server-side encryption using Amazon Web Services Key Management
+// Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For
+// more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide.
+//
+// # Access Control List (ACL)-Specific Request Headers
+//
+// You can use headers to grant ACL- based permissions. By default, all objects
+// are private. Only the owner has full access control. When adding a new object,
+// you can grant permissions to individual Amazon Web Services accounts or to
+// predefined groups defined by Amazon S3. These permissions are then added
+// to the ACL on the object. For more information, see Access Control List (ACL)
+// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
//
// If the bucket that you're uploading objects to uses the bucket owner enforced
@@ -9530,15 +9449,18 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp
// as the bucket-owner-full-control canned ACL or an equivalent form of this
// ACL expressed in the XML format. PUT requests that contain other ACLs (for
// example, custom grants to certain Amazon Web Services accounts) fail and
-// return a 400 error with the error code AccessControlListNotSupported. For
-// more information, see Controlling ownership of objects and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// return a 400 error with the error code AccessControlListNotSupported.
+//
+// For more information, see Controlling ownership of objects and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
// in the Amazon S3 User Guide.
//
// If your bucket uses the bucket owner enforced setting for Object Ownership,
// all objects written to the bucket by any account will be owned by the bucket
// owner.
//
+// # Storage Class Options
+//
// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
// objects. The STANDARD storage class provides high durability and high availability.
// Depending on performance needs, you can specify a different Storage Class.
@@ -9546,16 +9468,20 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp
// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
// in the Amazon S3 User Guide.
//
+// # Versioning
+//
// If you enable versioning for a bucket, Amazon S3 automatically generates
// a unique version ID for the object being stored. Amazon S3 returns this ID
// in the response. When you enable versioning for a bucket, if Amazon S3 receives
// multiple write requests for the same object simultaneously, it stores all
-// of the objects. For more information about versioning, see Adding Objects
-// to Versioning Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
+// of the objects.
+//
+// For more information about versioning, see Adding Objects to Versioning Enabled
+// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
// For information about returning the versioning state of a bucket, see GetBucketVersioning
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html).
//
-// For more information about related Amazon S3 APIs, see the following:
+// Related Resources
//
// - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
//
@@ -10292,10 +10218,27 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
// in the Amazon S3 User Guide.
//
-// For more information about the S3 structure in the request body, see the
-// following:
+// # Querying Archives with Select Requests
//
-// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// You use a select type of request to perform SQL queries on archived objects.
+// The archived objects that are being queried by the select request must be
+// formatted as uncompressed comma-separated values (CSV) files. You can run
+// queries and custom analytics on your archived data without having to restore
+// your data to a hotter Amazon S3 tier. For an overview about select requests,
+// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
+// in the Amazon S3 User Guide.
+//
+// When making a select request, do the following:
+//
+// - Define an output location for the select query's output. This must be
+// an Amazon S3 bucket in the same Amazon Web Services Region as the bucket
+// that contains the archive object that is being queried. The Amazon Web
+// Services account that initiates the job must have permissions to write
+// to the S3 bucket. You can specify the storage class and encryption for
+// the output objects stored in the bucket. For more information about output,
+// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
+// in the Amazon S3 User Guide. For more information about the S3 structure
+// in the request body, see the following: PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
// Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
// in the Amazon S3 User Guide Protecting Data Using Server-Side Encryption
// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
@@ -10313,6 +10256,10 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
// the query.) You cannot mix ordinal positions with header column names.
// SELECT s.Id, s.FirstName, s.SSN FROM S3Object s
//
+// For more information about using SQL with S3 Glacier Select restore, see
+// SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon S3 User Guide.
+//
// When making a select request, you can also do the following:
//
// - To expedite your queries, specify the Expedited tier. For more information
@@ -10329,61 +10276,56 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
// policy.
//
// - You can issue more than one select request on the same Amazon S3 object.
-// Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
+// Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.
//
// - Amazon S3 accepts a select request even if the object has already been
// restored. A select request doesn’t return error response 409.
//
// # Restoring objects
//
-// Objects that you archive to the S3 Glacier Flexible Retrieval or S3 Glacier
-// Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering
-// Deep Archive tiers, are not accessible in real time. For objects in the S3
-// Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes, you
-// must first initiate a restore request, and then wait until a temporary copy
-// of the object is available. If you want a permanent copy of the object, create
-// a copy of it in the Amazon S3 Standard storage class in your S3 bucket. To
-// access an archived object, you must restore the object for the duration (number
-// of days) that you specify. For objects in the Archive Access or Deep Archive
-// Access tiers of S3 Intelligent-Tiering, you must first initiate a restore
-// request, and then wait until the object is moved into the Frequent Access
-// tier.
+// Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage
+// class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep
+// Archive tiers are not accessible in real time. For objects in Archive Access
+// or Deep Archive Access tiers you must first initiate a restore request, and
+// then wait until the object is moved into the Frequent Access tier. For objects
+// in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate
+// a restore request, and then wait until a temporary copy of the object is
+// available. To access an archived object, you must restore the object for
+// the duration (number of days) that you specify.
//
// To restore a specific object version, you can provide a version ID. If you
// don't provide a version ID, Amazon S3 restores the current version.
//
-// When restoring an archived object, you can specify one of the following data
-// access tier options in the Tier element of the request body:
+// When restoring an archived object (or using a select request), you can specify
+// one of the following data access tier options in the Tier element of the
+// request body:
//
// - Expedited - Expedited retrievals allow you to quickly access your data
-// stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering
-// Archive tier when occasional urgent requests for a subset of archives
-// are required. For all but the largest archived objects (250 MB+), data
-// accessed using Expedited retrievals is typically made available within
-// 1–5 minutes. Provisioned capacity ensures that retrieval capacity for
-// Expedited retrievals is available when you need it. Expedited retrievals
-// and provisioned capacity are not available for objects stored in the S3
-// Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive
-// tier.
+// stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive
+// tier when occasional urgent requests for a subset of archives are required.
+// For all but the largest archived objects (250 MB+), data accessed using
+// Expedited retrievals is typically made available within 1–5 minutes.
+// Provisioned capacity ensures that retrieval capacity for Expedited retrievals
+// is available when you need it. Expedited retrievals and provisioned capacity
+// are not available for objects stored in the S3 Glacier Deep Archive storage
+// class or S3 Intelligent-Tiering Deep Archive tier.
//
// - Standard - Standard retrievals allow you to access any of your archived
// objects within several hours. This is the default option for retrieval
// requests that do not specify the retrieval option. Standard retrievals
// typically finish within 3–5 hours for objects stored in the S3 Glacier
-// Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier.
-// They typically finish within 12 hours for objects stored in the S3 Glacier
+// storage class or S3 Intelligent-Tiering Archive tier. They typically finish
+// within 12 hours for objects stored in the S3 Glacier Deep Archive storage
+// class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals
+// are free for objects stored in S3 Intelligent-Tiering.
+//
+// - Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier,
+// enabling you to retrieve large amounts, even petabytes, of data inexpensively.
+// Bulk retrievals typically finish within 5–12 hours for objects stored
+// in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier.
+// They typically finish within 48 hours for objects stored in the S3 Glacier
// Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
-// Standard retrievals are free for objects stored in S3 Intelligent-Tiering.
-//
-// - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible
-// Retrieval and S3 Intelligent-Tiering storage classes, enabling you to
-// retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals
-// typically finish within 5–12 hours for objects stored in the S3 Glacier
-// Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier.
-// Bulk retrievals are also the lowest-cost retrieval option when restoring
-// objects from S3 Glacier Deep Archive. They typically finish within 48
-// hours for objects stored in the S3 Glacier Deep Archive storage class
-// or S3 Intelligent-Tiering Deep Archive tier.
+// Bulk retrievals are free for objects stored in S3 Intelligent-Tiering.
//
// For more information about archive retrieval options and provisioned capacity
// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
@@ -10444,6 +10386,9 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
//
// - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
//
+// - SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon S3 User Guide
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -10544,6 +10489,10 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r
// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
// in the Amazon S3 User Guide.
//
+// For more information about using SQL with Amazon S3 Select, see SQL Reference
+// for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon S3 User Guide.
+//
// # Permissions
//
// You must have s3:GetObject permission for this operation. Amazon S3 Select
@@ -10573,10 +10522,10 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r
// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
// in the Amazon S3 User Guide. For objects that are encrypted with Amazon
-// S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
-// encryption is handled transparently, so you don't need to specify anything.
-// For more information about server-side encryption, including SSE-S3 and
-// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS),
+// server-side encryption is handled transparently, so you don't need to
+// specify anything. For more information about server-side encryption, including
+// SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
// in the Amazon S3 User Guide.
//
// # Working with the Response Body
@@ -10898,32 +10847,24 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou
// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
// in the Amazon S3 User Guide.
//
-// Server-side encryption is for data encryption at rest. Amazon S3 encrypts
-// your data as it writes it to disks in its data centers and decrypts it when
-// you access it. You have three mutually exclusive options to protect data
-// using server-side encryption in Amazon S3, depending on how you choose to
-// manage the encryption keys. Specifically, the encryption key options are
-// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS),
-// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side
-// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally
-// tell Amazon S3 to encrypt data at rest using server-side encryption with
-// other key options. The option you use depends on whether you want to use
-// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose
-// to provide your own encryption key, the request headers you provide in the
-// request must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
+// You can optionally request server-side encryption where Amazon S3 encrypts
+// your data as it writes it to disks in its data centers and decrypts it for
+// you when you access it. You have the option of providing your own encryption
+// key, or you can use the Amazon Web Services managed encryption keys. If you
+// choose to provide your own encryption key, the request headers you provide
+// in the request must match the headers you used in the request to initiate
+// the upload by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
// in the Amazon S3 User Guide.
//
// Server-side encryption is supported by the S3 Multipart Upload actions. Unless
-// you are using a customer-provided encryption key (SSE-C), you don't need
-// to specify the encryption parameters in each UploadPart request. Instead,
-// you only need to specify the server-side encryption parameters in the initial
-// Initiate Multipart request. For more information, see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
+// you are using a customer-provided encryption key, you don't need to specify
+// the encryption parameters in each UploadPart request. Instead, you only need
+// to specify the server-side encryption parameters in the initial Initiate
+// Multipart request. For more information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
//
// If you requested server-side encryption using a customer-provided encryption
-// key (SSE-C) in your initiate multipart upload request, you must provide identical
+// key in your initiate multipart upload request, you must provide identical
// encryption information in each part upload using the following headers.
//
// - x-amz-server-side-encryption-customer-algorithm
@@ -11310,12 +11251,12 @@ type AbortMultipartUploadInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -12320,9 +12261,7 @@ type CSVInput struct {
// A single character used to indicate that a row should be ignored when the
// character is present at the start of that row. You can specify any character
- // to indicate a comment line. The default character is #.
- //
- // Default: #
+ // to indicate a comment line.
Comments *string `type:"string"`
// A single character used to separate individual fields in a record. You can
@@ -12699,12 +12638,12 @@ type CompleteMultipartUploadInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -12961,12 +12900,12 @@ type CompleteMultipartUploadOutput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
Bucket *string `type:"string"`
@@ -13031,16 +12970,18 @@ type CompleteMultipartUploadOutput struct {
RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's
// String and GoString methods.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The server-side encryption algorithm used when storing this object in Amazon
- // S3 (for example, AES256, aws:kms).
+ // If you specified server-side encryption either with an Amazon S3-managed
+ // encryption key or an Amazon Web Services KMS key in your initiate multipart
+ // upload request, the response includes this header. It confirms the encryption
+ // algorithm that Amazon S3 used to encrypt the object.
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// Version ID of the newly created object, in case the bucket has versioning
@@ -13406,12 +13347,12 @@ type CopyObjectInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -13639,9 +13580,7 @@ type CopyObjectInput struct {
// If the bucket is configured as a website, redirects requests for this object
// to another object in the same bucket or to an external URL. Amazon S3 stores
- // the value of this header in the object metadata. This value is unique to
- // each object and is not copied when using the x-amz-metadata-directive header.
- // Instead, you may opt to provide this header in combination with the directive.
+ // the value of this header in the object metadata.
WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
}
@@ -14022,8 +13961,8 @@ type CopyObjectOutput struct {
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CopyObjectOutput's
@@ -14552,12 +14491,12 @@ type CreateMultipartUploadInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -14675,12 +14614,12 @@ type CreateMultipartUploadInput struct {
// String and GoString methods.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // Specifies the ID of the symmetric encryption customer managed key to use
- // for object encryption. All GET and PUT requests for an object protected by
- // Amazon Web Services KMS will fail if not made via SSL or using SigV4. For
- // information about configuring using any of the officially supported Amazon
- // Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature
- // Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+ // Specifies the ID of the symmetric customer managed key to use for object
+ // encryption. All GET and PUT requests for an object protected by Amazon Web
+ // Services KMS will fail if not made via SSL or using SigV4. For information
+ // about configuring using any of the officially supported Amazon Web Services
+ // SDKs and Amazon Web Services CLI, see Specifying the Signature Version in
+ // Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
// in the Amazon S3 User Guide.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
@@ -14999,12 +14938,12 @@ type CreateMultipartUploadOutput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
Bucket *string `locationName:"Bucket" type:"string"`
@@ -15042,8 +14981,8 @@ type CreateMultipartUploadOutput struct {
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateMultipartUploadOutput's
@@ -16123,8 +16062,7 @@ type DeleteBucketMetricsConfigurationInput struct {
// (access denied).
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
- // The ID used to identify the metrics configuration. The ID has a 64 character
- // limit and can only contain letters, numbers, periods, dashes, and underscores.
+ // The ID used to identify the metrics configuration.
//
// Id is a required field
Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -16970,12 +16908,12 @@ type DeleteObjectInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -17193,12 +17131,12 @@ type DeleteObjectTaggingInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -17360,12 +17298,12 @@ type DeleteObjectsInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -17933,9 +17871,9 @@ type Encryption struct {
KMSContext *string `type:"string"`
// If the encryption type is aws:kms, this optional value specifies the ID of
- // the symmetric encryption customer managed key to use for encryption of job
- // results. Amazon S3 only supports symmetric encryption KMS keys. For more
- // information, see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // the symmetric customer managed key to use for encryption of job results.
+ // Amazon S3 only supports symmetric keys. For more information, see Using symmetric
+ // and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// in the Amazon Web Services Key Management Service Developer Guide.
//
// KMSKeyId is a sensitive parameter and its value will be
@@ -18001,8 +17939,8 @@ type EncryptionConfiguration struct {
// Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web
// Services KMS key stored in Amazon Web Services Key Management Service (KMS)
// for the destination bucket. Amazon S3 uses this key to encrypt replica objects.
- // Amazon S3 only supports symmetric encryption KMS keys. For more information,
- // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // Amazon S3 only supports symmetric, customer managed KMS keys. For more information,
+ // see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// in the Amazon Web Services Key Management Service Developer Guide.
ReplicaKmsKeyID *string `type:"string"`
}
@@ -18403,8 +18341,8 @@ type Error struct {
// and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
// for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
//
- // * Code: ServiceUnavailable Description: Service is unable to handle request.
- // HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server
+ // * Code: ServiceUnavailable Description: Reduce your request rate. HTTP
+ // Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server
//
// * Code: SlowDown Description: Reduce your request rate. HTTP Status Code:
// 503 Slow Down SOAP Fault Code Prefix: Server
@@ -18572,8 +18510,6 @@ func (s EventBridgeConfiguration) GoString() string {
type ExistingObjectReplication struct {
_ struct{} `type:"structure"`
- // Specifies whether Amazon S3 replicates existing source bucket objects.
- //
// Status is a required field
Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"`
}
@@ -20097,8 +20033,7 @@ type GetBucketMetricsConfigurationInput struct {
// (access denied).
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
- // The ID used to identify the metrics configuration. The ID has a 64 character
- // limit and can only contain letters, numbers, periods, dashes, and underscores.
+ // The ID used to identify the metrics configuration.
//
// Id is a required field
Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -21563,12 +21498,12 @@ type GetObjectAttributesInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -21982,12 +21917,12 @@ type GetObjectInput struct {
//
// When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -22031,8 +21966,8 @@ type GetObjectInput struct {
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
// Downloads the specified range bytes of an object. For more information about
- // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range
- // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range).
+ // the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
+ // (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35).
//
// Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
Range *string `location:"header" locationName:"Range" type:"string"`
@@ -22734,8 +22669,8 @@ type GetObjectOutput struct {
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by GetObjectOutput's
@@ -23180,12 +23115,12 @@ type GetObjectTaggingInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -23872,12 +23807,12 @@ type HeadBucketInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -24003,12 +23938,12 @@ type HeadObjectInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -24053,9 +23988,8 @@ type HeadObjectInput struct {
// object.
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
- // HeadObject returns only the metadata for an object. If the Range is satisfiable,
- // only the ContentLength is affected in the response. If the Range is not satisfiable,
- // S3 returns a 416 - Requested Range Not Satisfiable error.
+ // Because HeadObject returns only the metadata for an object, this parameter
+ // has no effect.
Range *string `location:"header" locationName:"Range" type:"string"`
// Confirms that the requester knows that they will be charged for the request.
@@ -24443,16 +24377,18 @@ type HeadObjectOutput struct {
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by HeadObjectOutput's
// String and GoString methods.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The server-side encryption algorithm used when storing this object in Amazon
- // S3 (for example, AES256, aws:kms).
+ // If the object is stored using server-side encryption either with an Amazon
+ // Web Services KMS key or an Amazon S3-managed encryption key, the response
+ // includes this header with the value of the server-side encryption algorithm
+ // used when storing this object in Amazon S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// Provides storage class information of the object. Amazon S3 returns this
@@ -25734,9 +25670,6 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc
}
// Container for lifecycle rules. You can add as many as 1000 rules.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
type LifecycleConfiguration struct {
_ struct{} `type:"structure"`
@@ -25794,9 +25727,6 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration {
}
// Container for the expiration for the lifecycle of the object.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
type LifecycleExpiration struct {
_ struct{} `type:"structure"`
@@ -25852,9 +25782,6 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp
}
// A lifecycle rule for individual objects in an Amazon S3 bucket.
-//
-// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
-// in the Amazon S3 User Guide.
type LifecycleRule struct {
_ struct{} `type:"structure"`
@@ -26915,12 +26842,12 @@ type ListMultipartUploadsInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -27588,12 +27515,12 @@ type ListObjectsInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -27899,12 +27826,12 @@ type ListObjectsV2Input struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -28125,8 +28052,8 @@ type ListObjectsV2Output struct {
IsTruncated *bool `type:"boolean"`
// KeyCount is the number of keys returned with this request. KeyCount will
- // always be less than or equal to the MaxKeys field. Say you ask for 50 keys,
- // your result will include 50 keys or fewer.
+ // always be less than or equals to MaxKeys field. Say you ask for 50 keys,
+ // your result will include less than equals 50 keys
KeyCount *int64 `type:"integer"`
// Sets the maximum number of keys returned in the response. By default the
@@ -28143,12 +28070,12 @@ type ListObjectsV2Output struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
Name *string `type:"string"`
@@ -28267,12 +28194,12 @@ type ListPartsInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -29079,8 +29006,7 @@ type MetricsConfiguration struct {
// prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
Filter *MetricsFilter `type:"structure"`
- // The ID used to identify the metrics configuration. The ID has a 64 character
- // limit and can only contain letters, numbers, periods, dashes, and underscores.
+ // The ID used to identify the metrics configuration.
//
// Id is a required field
Id *string `type:"string" required:"true"`
@@ -30227,24 +30153,7 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization {
type Owner struct {
_ struct{} `type:"structure"`
- // Container for the display name of the owner. This value is only supported
- // in the following Amazon Web Services Regions:
- //
- // * US East (N. Virginia)
- //
- // * US West (N. California)
- //
- // * US West (Oregon)
- //
- // * Asia Pacific (Singapore)
- //
- // * Asia Pacific (Sydney)
- //
- // * Asia Pacific (Tokyo)
- //
- // * Europe (Ireland)
- //
- // * South America (São Paulo)
+ // Container for the display name of the owner.
DisplayName *string `type:"string"`
// Container for the ID of the owner.
@@ -31455,12 +31364,9 @@ type PutBucketEncryptionInput struct {
_ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"`
// Specifies default encryption for a bucket using server-side encryption with
- // different key options. By default, all buckets have a default encryption
- // configuration that uses server-side encryption with Amazon S3 managed keys
- // (SSE-S3). You can optionally configure default encryption for a bucket by
- // using server-side encryption with an Amazon Web Services KMS key (SSE-KMS)
- // or a customer-provided key (SSE-C). For information about the bucket default
- // encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+ // Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information
+ // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket
+ // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -32098,9 +32004,6 @@ type PutBucketLifecycleInput struct {
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
// Container for lifecycle rules. You can add as many as 1000 rules.
- //
- // For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
- // in the Amazon S3 User Guide.
LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -32398,8 +32301,7 @@ type PutBucketMetricsConfigurationInput struct {
// (access denied).
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
- // The ID used to identify the metrics configuration. The ID has a 64 character
- // limit and can only contain letters, numbers, periods, dashes, and underscores.
+ // The ID used to identify the metrics configuration.
//
// Id is a required field
Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -34051,12 +33953,12 @@ type PutObjectAclInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Key is a required field
@@ -34283,12 +34185,12 @@ type PutObjectInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -34354,21 +34256,21 @@ type PutObjectInput struct {
ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
// Specifies presentational information for the object. For more information,
- // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1).
ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
// Specifies what content encodings have been applied to the object and thus
// what decoding mechanisms must be applied to obtain the media-type referenced
- // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
- // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding).
+ // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11).
ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
// The language the content is in.
ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
// Size of the body in bytes. This parameter is useful when the size of the
- // body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length
- // (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length).
+ // body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13).
ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
// The base64-encoded 128-bit MD5 digest of the message (without the headers)
@@ -34380,7 +34282,7 @@ type PutObjectInput struct {
ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
// A standard MIME type describing the format of the contents. For more information,
- // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).
ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -34389,7 +34291,7 @@ type PutObjectInput struct {
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
// The date and time at which the object is no longer cacheable. For more information,
- // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21).
Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
@@ -34460,18 +34362,16 @@ type PutObjectInput struct {
// Specifies the Amazon Web Services KMS Encryption Context to use for object
// encryption. The value of this header is a base64-encoded UTF-8 string holding
- // JSON with the encryption context key-value pairs. This value is stored as
- // object metadata and automatically gets passed on to Amazon Web Services KMS
- // for future GetObject or CopyObject operations on this object.
+ // JSON with the encryption context key-value pairs.
//
// SSEKMSEncryptionContext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by PutObjectInput's
// String and GoString methods.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If x-amz-server-side-encryption has a valid value of aws:kms, this header
- // specifies the ID of the Amazon Web Services Key Management Service (Amazon
- // Web Services KMS) symmetric encryption customer managed key that was used
+ // If x-amz-server-side-encryption is present and has the value of aws:kms,
+ // this header specifies the ID of the Amazon Web Services Key Management Service
+ // (Amazon Web Services KMS) symmetrical customer managed key that was used
// for the object. If you specify x-amz-server-side-encryption:aws:kms, but
// do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses
// the Amazon Web Services managed key to protect the data. If the KMS key does
@@ -35282,27 +35182,27 @@ type PutObjectOutput struct {
// If present, specifies the Amazon Web Services KMS Encryption Context to use
// for object encryption. The value of this header is a base64-encoded UTF-8
- // string holding JSON with the encryption context key-value pairs. This value
- // is stored as object metadata and automatically gets passed on to Amazon Web
- // Services KMS for future GetObject or CopyObject operations on this object.
+ // string holding JSON with the encryption context key-value pairs.
//
// SSEKMSEncryptionContext is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by PutObjectOutput's
// String and GoString methods.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If x-amz-server-side-encryption is has a valid value of aws:kms, this header
- // specifies the ID of the Amazon Web Services Key Management Service (Amazon
- // Web Services KMS) symmetric encryption customer managed key that was used
- // for the object.
+ // If x-amz-server-side-encryption is present and has the value of aws:kms,
+ // this header specifies the ID of the Amazon Web Services Key Management Service
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by PutObjectOutput's
// String and GoString methods.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The server-side encryption algorithm used when storing this object in Amazon
- // S3 (for example, AES256, aws:kms).
+ // If you specified server-side encryption either with an Amazon Web Services
+ // KMS key or Amazon S3-managed encryption key in your PUT request, the response
+ // includes this header. It confirms the encryption algorithm that Amazon S3
+ // used to encrypt the object.
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// Version of the object.
@@ -35643,12 +35543,12 @@ type PutObjectTaggingInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -37029,12 +36929,12 @@ type RestoreObjectInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -37570,8 +37470,8 @@ type SSEKMS struct {
_ struct{} `locationName:"SSE-KMS" type:"structure"`
// Specifies the ID of the Amazon Web Services Key Management Service (Amazon
- // Web Services KMS) symmetric encryption customer managed key to use for encrypting
- // inventory reports.
+ // Web Services KMS) symmetric customer managed key to use for encrypting inventory
+ // reports.
//
// KeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by SSEKMS's
@@ -38267,8 +38167,8 @@ type ServerSideEncryptionByDefault struct {
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
- // Amazon S3 only supports symmetric encryption KMS keys. For more information,
- // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For
+ // more information, see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// in the Amazon Web Services Key Management Service Developer Guide.
//
// KMSMasterKeyID is a sensitive parameter and its value will be
@@ -39273,12 +39173,12 @@ type UploadPartCopyInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -39650,8 +39550,8 @@ type UploadPartCopyOutput struct {
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // the object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by UploadPartCopyOutput's
@@ -39744,12 +39644,12 @@ type UploadPartInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -40108,8 +40008,8 @@ type UploadPartOutput struct {
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key was used
- // for the object.
+ // (Amazon Web Services KMS) symmetric customer managed key was used for the
+ // object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by UploadPartOutput's
@@ -40528,8 +40428,8 @@ type WriteGetObjectResponseInput struct {
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the ID of the Amazon Web Services Key Management Service
- // (Amazon Web Services KMS) symmetric encryption customer managed key that
- // was used for stored in Amazon S3 object.
+ // (Amazon Web Services KMS) symmetric customer managed key that was used for
+ // stored in Amazon S3 object.
//
// SSEKMSKeyId is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by WriteGetObjectResponseInput's
@@ -41804,6 +41704,9 @@ const (
// ObjectStorageClassGlacierIr is a ObjectStorageClass enum value
ObjectStorageClassGlacierIr = "GLACIER_IR"
+
+ // ObjectStorageClassSnow is a ObjectStorageClass enum value
+ ObjectStorageClassSnow = "SNOW"
)
// ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum
@@ -41818,6 +41721,7 @@ func ObjectStorageClass_Values() []string {
ObjectStorageClassDeepArchive,
ObjectStorageClassOutposts,
ObjectStorageClassGlacierIr,
+ ObjectStorageClassSnow,
}
}
@@ -42095,6 +41999,9 @@ const (
// StorageClassGlacierIr is a StorageClass enum value
StorageClassGlacierIr = "GLACIER_IR"
+
+ // StorageClassSnow is a StorageClass enum value
+ StorageClassSnow = "SNOW"
)
// StorageClass_Values returns all elements of the StorageClass enum
@@ -42109,6 +42016,7 @@ func StorageClass_Values() []string {
StorageClassDeepArchive,
StorageClassOutposts,
StorageClassGlacierIr,
+ StorageClassSnow,
}
}
diff --git a/service/s3/examples_test.go b/service/s3/examples_test.go
index 16acede813d..7a7177f9210 100644
--- a/service/s3/examples_test.go
+++ b/service/s3/examples_test.go
@@ -398,13 +398,13 @@ func ExampleS3_DeleteBucketWebsite_shared00() {
fmt.Println(result)
}
-// To delete an object (from a non-versioned bucket)
-// The following example deletes an object from a non-versioned bucket.
+// To delete an object
+// The following example deletes an object from an S3 bucket.
func ExampleS3_DeleteObject_shared00() {
svc := s3.New(session.New())
input := &s3.DeleteObjectInput{
- Bucket: aws.String("ExampleBucket"),
- Key: aws.String("HappyFace.jpg"),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("objectkey.jpg"),
}
result, err := svc.DeleteObject(input)
@@ -425,13 +425,13 @@ func ExampleS3_DeleteObject_shared00() {
fmt.Println(result)
}
-// To delete an object
-// The following example deletes an object from an S3 bucket.
+// To delete an object (from a non-versioned bucket)
+// The following example deletes an object from a non-versioned bucket.
func ExampleS3_DeleteObject_shared01() {
svc := s3.New(session.New())
input := &s3.DeleteObjectInput{
- Bucket: aws.String("examplebucket"),
- Key: aws.String("objectkey.jpg"),
+ Bucket: aws.String("ExampleBucket"),
+ Key: aws.String("HappyFace.jpg"),
}
result, err := svc.DeleteObject(input)
@@ -452,15 +452,15 @@ func ExampleS3_DeleteObject_shared01() {
fmt.Println(result)
}
-// To remove tag set from an object version
-// The following example removes tag set associated with the specified object version.
-// The request specifies both the object key and object version.
+// To remove tag set from an object
+// The following example removes tag set associated with the specified object. If the
+// bucket is versioning enabled, the operation removes tag set from the latest object
+// version.
func ExampleS3_DeleteObjectTagging_shared00() {
svc := s3.New(session.New())
input := &s3.DeleteObjectTaggingInput{
- Bucket: aws.String("examplebucket"),
- Key: aws.String("HappyFace.jpg"),
- VersionId: aws.String("ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("HappyFace.jpg"),
}
result, err := svc.DeleteObjectTagging(input)
@@ -481,15 +481,15 @@ func ExampleS3_DeleteObjectTagging_shared00() {
fmt.Println(result)
}
-// To remove tag set from an object
-// The following example removes tag set associated with the specified object. If the
-// bucket is versioning enabled, the operation removes tag set from the latest object
-// version.
+// To remove tag set from an object version
+// The following example removes tag set associated with the specified object version.
+// The request specifies both the object key and object version.
func ExampleS3_DeleteObjectTagging_shared01() {
svc := s3.New(session.New())
input := &s3.DeleteObjectTaggingInput{
- Bucket: aws.String("examplebucket"),
- Key: aws.String("HappyFace.jpg"),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("HappyFace.jpg"),
+ VersionId: aws.String("ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI"),
}
result, err := svc.DeleteObjectTagging(input)
@@ -1134,8 +1134,11 @@ func ExampleS3_HeadObject_shared00() {
fmt.Println(result)
}
-// To list all buckets
-// The following example returns all the buckets owned by the sender of this request.
+// To list object versions
+// The following example return versions of an object with specific key name prefix.
+// The request limits the number of items returned to two. If there are are more than
+// two object version, S3 returns NextToken in the response. You can specify this token
+// value in your next request to fetch next set of object versions.
func ExampleS3_ListBuckets_shared00() {
svc := s3.New(session.New())
input := &s3.ListBucketsInput{}
@@ -1279,7 +1282,7 @@ func ExampleS3_ListObjects_shared00() {
func ExampleS3_ListObjectsV2_shared00() {
svc := s3.New(session.New())
input := &s3.ListObjectsV2Input{
- Bucket: aws.String("DOC-EXAMPLE-BUCKET"),
+ Bucket: aws.String("examplebucket"),
MaxKeys: aws.Int64(2),
}
@@ -1748,19 +1751,16 @@ func ExampleS3_PutBucketWebsite_shared00() {
fmt.Println(result)
}
-// To upload object and specify user-defined metadata
-// The following example creates an object. The request also specifies optional metadata.
-// If the bucket is versioning enabled, S3 returns version ID in response.
+// To upload an object and specify optional tags
+// The following example uploads an object. The request specifies optional object tags.
+// The bucket is versioned, therefore S3 returns version ID of the newly created object.
func ExampleS3_PutObject_shared00() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("exampleobject"),
- Metadata: map[string]*string{
- "metadata1": aws.String("value1"),
- "metadata2": aws.String("value2"),
- },
+ Body: aws.ReadSeekCloser(strings.NewReader("c:\\HappyFace.jpg")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("HappyFace.jpg"),
+ Tagging: aws.String("key1=value1&key2=value2"),
}
result, err := svc.PutObject(input)
@@ -1781,16 +1781,16 @@ func ExampleS3_PutObject_shared00() {
fmt.Println(result)
}
-// To upload an object and specify optional tags
-// The following example uploads an object. The request specifies optional object tags.
-// The bucket is versioned, therefore S3 returns version ID of the newly created object.
+// To upload an object
+// The following example uploads an object to a versioning-enabled bucket. The source
+// file is specified using Windows file syntax. S3 returns VersionId of the newly created
+// object.
func ExampleS3_PutObject_shared01() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- Body: aws.ReadSeekCloser(strings.NewReader("c:\\HappyFace.jpg")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("HappyFace.jpg"),
- Tagging: aws.String("key1=value1&key2=value2"),
+ Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("HappyFace.jpg"),
}
result, err := svc.PutObject(input)
@@ -1811,17 +1811,18 @@ func ExampleS3_PutObject_shared01() {
fmt.Println(result)
}
-// To upload an object and specify canned ACL.
-// The following example uploads and object. The request specifies optional canned ACL
-// (access control list) to all READ access to authenticated users. If the bucket is
-// versioning enabled, S3 returns version ID in response.
+// To upload an object and specify server-side encryption and object tags
+// The following example uploads and object. The request specifies the optional server-side
+// encryption option. The request also specifies optional object tags. If the bucket
+// is versioning enabled, S3 returns version ID in response.
func ExampleS3_PutObject_shared02() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- ACL: aws.String("authenticated-read"),
- Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("exampleobject"),
+ Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("exampleobject"),
+ ServerSideEncryption: aws.String("AES256"),
+ Tagging: aws.String("key1=value1&key2=value2"),
}
result, err := svc.PutObject(input)
@@ -1842,15 +1843,19 @@ func ExampleS3_PutObject_shared02() {
fmt.Println(result)
}
-// To create an object.
-// The following example creates an object. If the bucket is versioning enabled, S3
-// returns version ID in response.
+// To upload object and specify user-defined metadata
+// The following example creates an object. The request also specifies optional metadata.
+// If the bucket is versioning enabled, S3 returns version ID in response.
func ExampleS3_PutObject_shared03() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
Bucket: aws.String("examplebucket"),
- Key: aws.String("objectkey"),
+ Key: aws.String("exampleobject"),
+ Metadata: map[string]*string{
+ "metadata1": aws.String("value1"),
+ "metadata2": aws.String("value2"),
+ },
}
result, err := svc.PutObject(input)
@@ -1871,16 +1876,17 @@ func ExampleS3_PutObject_shared03() {
fmt.Println(result)
}
-// To upload an object
-// The following example uploads an object to a versioning-enabled bucket. The source
-// file is specified using Windows file syntax. S3 returns VersionId of the newly created
-// object.
+// To upload an object (specify optional headers)
+// The following example uploads an object. The request specifies optional request headers
+// to directs S3 to use specific storage class and use server-side encryption.
func ExampleS3_PutObject_shared04() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("HappyFace.jpg"),
+ Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("HappyFace.jpg"),
+ ServerSideEncryption: aws.String("AES256"),
+ StorageClass: aws.String("STANDARD_IA"),
}
result, err := svc.PutObject(input)
@@ -1901,17 +1907,17 @@ func ExampleS3_PutObject_shared04() {
fmt.Println(result)
}
-// To upload an object (specify optional headers)
-// The following example uploads an object. The request specifies optional request headers
-// to directs S3 to use specific storage class and use server-side encryption.
+// To upload an object and specify canned ACL.
+// The following example uploads and object. The request specifies optional canned ACL
+// (access control list) to all READ access to authenticated users. If the bucket is
+// versioning enabled, S3 returns version ID in response.
func ExampleS3_PutObject_shared05() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("HappyFace.jpg"),
- ServerSideEncryption: aws.String("AES256"),
- StorageClass: aws.String("STANDARD_IA"),
+ ACL: aws.String("authenticated-read"),
+ Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("exampleobject"),
}
result, err := svc.PutObject(input)
@@ -1932,18 +1938,15 @@ func ExampleS3_PutObject_shared05() {
fmt.Println(result)
}
-// To upload an object and specify server-side encryption and object tags
-// The following example uploads an object. The request specifies the optional server-side
-// encryption option. The request also specifies optional object tags. If the bucket
-// is versioning enabled, S3 returns version ID in response.
+// To create an object.
+// The following example creates an object. If the bucket is versioning enabled, S3
+// returns version ID in response.
func ExampleS3_PutObject_shared06() {
svc := s3.New(session.New())
input := &s3.PutObjectInput{
- Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
- Bucket: aws.String("examplebucket"),
- Key: aws.String("exampleobject"),
- ServerSideEncryption: aws.String("AES256"),
- Tagging: aws.String("key1=value1&key2=value2"),
+ Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")),
+ Bucket: aws.String("examplebucket"),
+ Key: aws.String("objectkey"),
}
result, err := svc.PutObject(input)
@@ -2104,17 +2107,18 @@ func ExampleS3_UploadPart_shared00() {
fmt.Println(result)
}
-// To upload a part by copying data from an existing object as data source
-// The following example uploads a part of a multipart upload by copying data from an
-// existing object as data source.
+// To upload a part by copying byte range from an existing object as data source
+// The following example uploads a part of a multipart upload by copying a specified
+// byte range from an existing object as data source.
func ExampleS3_UploadPartCopy_shared00() {
svc := s3.New(session.New())
input := &s3.UploadPartCopyInput{
- Bucket: aws.String("examplebucket"),
- CopySource: aws.String("/bucketname/sourceobjectkey"),
- Key: aws.String("examplelargeobject"),
- PartNumber: aws.Int64(1),
- UploadId: aws.String("exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"),
+ Bucket: aws.String("examplebucket"),
+ CopySource: aws.String("/bucketname/sourceobjectkey"),
+ CopySourceRange: aws.String("bytes=1-100000"),
+ Key: aws.String("examplelargeobject"),
+ PartNumber: aws.Int64(2),
+ UploadId: aws.String("exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"),
}
result, err := svc.UploadPartCopy(input)
@@ -2135,18 +2139,17 @@ func ExampleS3_UploadPartCopy_shared00() {
fmt.Println(result)
}
-// To upload a part by copying byte range from an existing object as data source
-// The following example uploads a part of a multipart upload by copying a specified
-// byte range from an existing object as data source.
+// To upload a part by copying data from an existing object as data source
+// The following example uploads a part of a multipart upload by copying data from an
+// existing object as data source.
func ExampleS3_UploadPartCopy_shared01() {
svc := s3.New(session.New())
input := &s3.UploadPartCopyInput{
- Bucket: aws.String("examplebucket"),
- CopySource: aws.String("/bucketname/sourceobjectkey"),
- CopySourceRange: aws.String("bytes=1-100000"),
- Key: aws.String("examplelargeobject"),
- PartNumber: aws.Int64(2),
- UploadId: aws.String("exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"),
+ Bucket: aws.String("examplebucket"),
+ CopySource: aws.String("/bucketname/sourceobjectkey"),
+ Key: aws.String("examplelargeobject"),
+ PartNumber: aws.Int64(1),
+ UploadId: aws.String("exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--"),
}
result, err := svc.UploadPartCopy(input)
diff --git a/service/s3/s3manager/upload_input.go b/service/s3/s3manager/upload_input.go
index 543d7fdf59d..1cd115f48ce 100644
--- a/service/s3/s3manager/upload_input.go
+++ b/service/s3/s3manager/upload_input.go
@@ -40,12 +40,12 @@ type UploadInput struct {
// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
// in the Amazon S3 User Guide.
//
- // When you use this action with Amazon S3 on Outposts, you must direct requests
+ // When using this action with Amazon S3 on Outposts, you must direct requests
// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When
- // you use this action with S3 on Outposts through the Amazon Web Services SDKs,
- // you provide the Outposts access point ARN in place of the bucket name. For
- // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+ // using this action with S3 on Outposts through the Amazon Web Services SDKs,
+ // you provide the Outposts bucket ARN in place of the bucket name. For more
+ // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
// in the Amazon S3 User Guide.
//
// Bucket is a required field
@@ -111,13 +111,13 @@ type UploadInput struct {
ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"`
// Specifies presentational information for the object. For more information,
- // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1).
ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
// Specifies what content encodings have been applied to the object and thus
// what decoding mechanisms must be applied to obtain the media-type referenced
- // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
- // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding).
+ // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11).
ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
// The language the content is in.
@@ -135,7 +135,7 @@ type UploadInput struct {
ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
// A standard MIME type describing the format of the contents. For more information,
- // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).
ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -144,7 +144,7 @@ type UploadInput struct {
ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"`
// The date and time at which the object is no longer cacheable. For more information,
- // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3).
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21).
Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
@@ -211,14 +211,12 @@ type UploadInput struct {
// Specifies the Amazon Web Services KMS Encryption Context to use for object
// encryption. The value of this header is a base64-encoded UTF-8 string holding
- // JSON with the encryption context key-value pairs. This value is stored as
- // object metadata and automatically gets passed on to Amazon Web Services KMS
- // for future GetObject or CopyObject operations on this object.
+ // JSON with the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If x-amz-server-side-encryption has a valid value of aws:kms, this header
- // specifies the ID of the Amazon Web Services Key Management Service (Amazon
- // Web Services KMS) symmetric encryption customer managed key that was used
+ // If x-amz-server-side-encryption is present and has the value of aws:kms,
+ // this header specifies the ID of the Amazon Web Services Key Management Service
+ // (Amazon Web Services KMS) symmetrical customer managed key that was used
// for the object. If you specify x-amz-server-side-encryption:aws:kms, but
// do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses
// the Amazon Web Services managed key to protect the data. If the KMS key does
diff --git a/service/secretsmanager/api.go b/service/secretsmanager/api.go
index de5dd80e47a..4380a5c3236 100644
--- a/service/secretsmanager/api.go
+++ b/service/secretsmanager/api.go
@@ -2754,8 +2754,8 @@ func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePo
// be logged. For more information, see Logging Secrets Manager events with
// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).
//
-// Required permissions: secretsmanager:ValidateResourcePolicy. For more information,
-// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions)
+// Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy.
+// For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions)
// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -2963,7 +2963,7 @@ type CreateSecretInput struct {
Description *string `type:"string"`
// Specifies whether to overwrite a secret with the same name in the destination
- // Region.
+ // Region. By default, secrets aren't overwritten.
ForceOverwriteReplicaSecret *bool `type:"boolean"`
// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt
@@ -3419,7 +3419,8 @@ type DeleteSecretInput struct {
// Specifies whether to delete the secret without any recovery window. You can't
// use both this parameter and RecoveryWindowInDays in the same call. If you
- // don't use either, then Secrets Manager defaults to a 30 day recovery window.
+ // don't use either, then by default Secrets Manager uses a 30 day recovery
+ // window.
//
// Secrets Manager performs the actual deletion with an asynchronous background
// process, so there might be a short delay before the secret is permanently
@@ -3435,8 +3436,8 @@ type DeleteSecretInput struct {
// The number of days from 7 to 30 that Secrets Manager waits before permanently
// deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery
- // in the same call. If you don't use either, then Secrets Manager defaults
- // to a 30 day recovery window.
+ // in the same call. If you don't use either, then by default Secrets Manager
+ // uses a 30 day recovery window.
RecoveryWindowInDays *int64 `type:"long"`
// The ARN or name of the secret to delete.
@@ -4765,7 +4766,8 @@ type ListSecretVersionIdsInput struct {
// Specifies whether to include versions of secrets that don't have any staging
// labels attached to them. Versions without staging labels are considered deprecated
- // and are subject to deletion by Secrets Manager.
+ // and are subject to deletion by Secrets Manager. By default, versions without
+ // staging labels aren't included.
IncludeDeprecated *bool `type:"boolean"`
// The number of results to include in the response.
@@ -4921,7 +4923,8 @@ type ListSecretsInput struct {
// The filters to apply to the list of secrets.
Filters []*Filter `type:"list"`
- // Specifies whether to include secrets scheduled for deletion.
+ // Specifies whether to include secrets scheduled for deletion. By default,
+ // secrets scheduled for deletion aren't included.
IncludePlannedDeletion *bool `type:"boolean"`
// The number of results to include in the response.
@@ -5254,7 +5257,8 @@ type PutResourcePolicyInput struct {
_ struct{} `type:"structure"`
// Specifies whether to block resource-based policies that allow broad access
- // to the secret, for example those that use a wildcard for the principal.
+ // to the secret, for example those that use a wildcard for the principal. By
+ // default, public policies aren't blocked.
BlockPublicPolicy *bool `type:"boolean"`
// A JSON-formatted string for an Amazon Web Services resource-based policy.
@@ -5762,7 +5766,7 @@ type ReplicateSecretToRegionsInput struct {
AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"`
// Specifies whether to overwrite a secret with the same name in the destination
- // Region.
+ // Region. By default, secrets aren't overwritten.
ForceOverwriteReplicaSecret *bool `type:"boolean"`
// The ARN or name of the secret to replicate.
@@ -6200,8 +6204,7 @@ type RotateSecretInput struct {
// of the Lambda rotation function. The test creates an AWSPENDING version of
// the secret and then removes it.
//
- // If you don't specify this value, then by default, Secrets Manager rotates
- // the secret immediately.
+ // By default, Secrets Manager rotates the secret immediately.
RotateImmediately *bool `type:"boolean"`
// For secrets that use a Lambda rotation function to rotate, the ARN of the
diff --git a/service/secretsmanager/examples_test.go b/service/secretsmanager/examples_test.go
index a4df93bc588..3bda41472f6 100644
--- a/service/secretsmanager/examples_test.go
+++ b/service/secretsmanager/examples_test.go
@@ -473,6 +473,47 @@ func ExampleSecretsManager_PutSecretValue_shared00() {
fmt.Println(result)
}
+// Example
+// The following example replicates a secret to eu-west-3. The replica is encrypted
+// with the AWS managed key aws/secretsmanager.
+func ExampleSecretsManager_ReplicateSecretToRegions_shared00() {
+ svc := secretsmanager.New(session.New())
+ input := &secretsmanager.ReplicateSecretToRegionsInput{
+ AddReplicaRegions: []*secretsmanager.ReplicaRegionType{
+ {
+ Region: aws.String("eu-west-3"),
+ },
+ },
+ ForceOverwriteReplicaSecret: aws.Bool(true),
+ SecretId: aws.String("MyTestSecret"),
+ }
+
+ result, err := svc.ReplicateSecretToRegions(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case secretsmanager.ErrCodeResourceNotFoundException:
+ fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
+ case secretsmanager.ErrCodeInvalidRequestException:
+ fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
+ case secretsmanager.ErrCodeInvalidParameterException:
+ fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
+ case secretsmanager.ErrCodeInternalServiceError:
+ fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
// To restore a previously deleted secret
// The following example shows how to restore a secret that you previously scheduled
// for deletion.
diff --git a/service/securityhub/examples_test.go b/service/securityhub/examples_test.go
new file mode 100644
index 00000000000..8a06b4f96a0
--- /dev/null
+++ b/service/securityhub/examples_test.go
@@ -0,0 +1,2123 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package securityhub_test
+
+import (
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/securityhub"
+)
+
+var _ time.Duration
+var _ strings.Reader
+var _ aws.Config
+
+func parseTime(layout, value string) *time.Time {
+ t, err := time.Parse(layout, value)
+ if err != nil {
+ panic(err)
+ }
+ return &t
+}
+
+// To accept an invitation be a member account
+// The following example demonstrates how an account can accept an invitation from the
+// Security Hub administrator account to be a member account. This operation is applicable
+// only to member accounts that are not added through AWS Organizations.
+func ExampleSecurityHub_AcceptAdministratorInvitation_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.AcceptAdministratorInvitationInput{
+ AdministratorId: aws.String("123456789012"),
+ InvitationId: aws.String("7ab938c5d52d7904ad09f9e7c20cc4eb"),
+ }
+
+ result, err := svc.AcceptAdministratorInvitation(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To disable one or more security standards
+// The following example disables a security standard in Security Hub.
+func ExampleSecurityHub_BatchDisableStandards_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.BatchDisableStandardsInput{
+ StandardsSubscriptionArns: []*string{
+ aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"),
+ },
+ }
+
+ result, err := svc.BatchDisableStandards(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To import security findings from a third party provider to Security Hub
+// The following example imports findings from a third party provider to Security Hub.
+func ExampleSecurityHub_BatchEnableStandards_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.BatchEnableStandardsInput{
+ StandardsSubscriptionRequests: []*securityhub.StandardsSubscriptionRequest{
+ {
+ StandardsArn: aws.String("arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1"),
+ },
+ },
+ }
+
+ result, err := svc.BatchEnableStandards(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To import security findings from a third party provider to Security Hub
+// The following example imports findings from a third party provider to Security Hub.
+func ExampleSecurityHub_BatchImportFindings_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.BatchImportFindingsInput{
+ Findings: []*securityhub.AwsSecurityFinding{
+ {
+ AwsAccountId: aws.String("123456789012"),
+ CreatedAt: aws.String("2020-05-27T17:05:54.832Z"),
+ Description: aws.String("Vulnerability in a CloudTrail trail"),
+ FindingProviderFields: &securityhub.FindingProviderFields{
+ Severity: &securityhub.FindingProviderSeverity{
+ Label: aws.String("LOW"),
+ Original: aws.String("10"),
+ },
+ Types: []*string{
+ aws.String("Software and Configuration Checks/Vulnerabilities/CVE"),
+ },
+ },
+ GeneratorId: aws.String("TestGeneratorId"),
+ Id: aws.String("Id1"),
+ ProductArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default"),
+ Resources: []*securityhub.Resource{
+ {
+ Id: aws.String("arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName"),
+ Partition: aws.String("aws"),
+ Region: aws.String("us-west-1"),
+ Type: aws.String("AwsCloudTrailTrail"),
+ },
+ },
+ SchemaVersion: aws.String("2018-10-08"),
+ Title: aws.String("CloudTrail trail vulnerability"),
+ UpdatedAt: aws.String("2020-06-02T16:05:54.832Z"),
+ },
+ },
+ }
+
+ result, err := svc.BatchImportFindings(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update Security Hub findings
+// The following example updates Security Hub findings. The finding identifier parameter
+// specifies which findings to update. Only specific finding fields can be updated with
+// this operation.
+func ExampleSecurityHub_BatchUpdateFindings_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.BatchUpdateFindingsInput{
+ Confidence: aws.Int64(80),
+ Criticality: aws.Int64(80),
+ FindingIdentifiers: []*securityhub.AwsSecurityFindingIdentifier{
+ {
+ Id: aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ ProductArn: aws.String("arn:aws:securityhub:us-west-1::product/aws/securityhub"),
+ },
+ {
+ Id: aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"),
+ ProductArn: aws.String("arn:aws:securityhub:us-west-1::product/aws/securityhub"),
+ },
+ },
+ Note: &securityhub.NoteUpdate{
+ Text: aws.String("Known issue that is not a risk."),
+ UpdatedBy: aws.String("user1"),
+ },
+ RelatedFindings: []*securityhub.RelatedFinding{
+ {
+ Id: aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333"),
+ ProductArn: aws.String("arn:aws:securityhub:us-west-1::product/aws/securityhub"),
+ },
+ },
+ Severity: &securityhub.SeverityUpdate{
+ Label: aws.String("LOW"),
+ },
+ Types: []*string{
+ aws.String("Software and Configuration Checks/Vulnerabilities/CVE"),
+ },
+ UserDefinedFields: map[string]*string{
+ "reviewedByCio": aws.String("true"),
+ },
+ VerificationState: aws.String("TRUE_POSITIVE"),
+ Workflow: &securityhub.WorkflowUpdate{
+ Status: aws.String("RESOLVED"),
+ },
+ }
+
+ result, err := svc.BatchUpdateFindings(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To create a custom action target
+// The following example creates a custom action target in Security Hub. Custom actions
+// on findings and insights automatically trigger actions in Amazon CloudWatch Events.
+func ExampleSecurityHub_CreateActionTarget_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.CreateActionTargetInput{
+ Description: aws.String("Action to send the finding for remediation tracking"),
+ Id: aws.String("Remediation"),
+ Name: aws.String("Send to remediation"),
+ }
+
+ result, err := svc.CreateActionTarget(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceConflictException:
+ fmt.Println(securityhub.ErrCodeResourceConflictException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To enable cross-Region aggregation
+// The following example creates a finding aggregator. This is required to enable cross-Region
+// aggregation.
+func ExampleSecurityHub_CreateFindingAggregator_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.CreateFindingAggregatorInput{
+ RegionLinkingMode: aws.String("SPECIFIED_REGIONS"),
+ Regions: []*string{
+ aws.String("us-west-1"),
+ aws.String("us-west-2"),
+ },
+ }
+
+ result, err := svc.CreateFindingAggregator(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To create a custom insight
+// The following example creates a custom insight in Security Hub. An insight is a collection
+// of findings that relate to a security issue.
+func ExampleSecurityHub_CreateInsight_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.CreateInsightInput{
+ Filters: &securityhub.AwsSecurityFindingFilters{
+ ResourceType: []*securityhub.StringFilter{
+ {
+ Comparison: aws.String("EQUALS"),
+ Value: aws.String("AwsIamRole"),
+ },
+ },
+ SeverityLabel: []*securityhub.StringFilter{
+ {
+ Comparison: aws.String("EQUALS"),
+ Value: aws.String("CRITICAL"),
+ },
+ },
+ },
+ GroupByAttribute: aws.String("ResourceId"),
+ Name: aws.String("Critical role findings"),
+ }
+
+ result, err := svc.CreateInsight(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceConflictException:
+ fmt.Println(securityhub.ErrCodeResourceConflictException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To add a member account
+// The following example creates a member association between the specified accounts
+// and the administrator account (the account that makes the request). This operation
+// is used to add accounts that aren't part of an organization.
+func ExampleSecurityHub_CreateMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.CreateMembersInput{
+ AccountDetails: []*securityhub.AccountDetails{
+ {
+ AccountId: aws.String("123456789012"),
+ },
+ {
+ AccountId: aws.String("111122223333"),
+ },
+ },
+ }
+
+ result, err := svc.CreateMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceConflictException:
+ fmt.Println(securityhub.ErrCodeResourceConflictException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To decline invitation to become a member account
+// The following example declines an invitation from the Security Hub administrator
+// account to become a member account. The invited account makes the request.
+func ExampleSecurityHub_DeclineInvitations_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeclineInvitationsInput{
+ AccountIds: []*string{
+ aws.String("123456789012"),
+ aws.String("111122223333"),
+ },
+ }
+
+ result, err := svc.DeclineInvitations(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To delete a custom action target
+// The following example deletes a custom action target that triggers target actions
+// in Amazon CloudWatch Events. Deleting a custom action target doesn't affect findings
+// or insights that were already sent to CloudWatch Events based on the custom action.
+func ExampleSecurityHub_DeleteActionTarget_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeleteActionTargetInput{
+ ActionTargetArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"),
+ }
+
+ result, err := svc.DeleteActionTarget(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To delete a finding aggregator
+// The following example deletes a finding aggregator in Security Hub. Deleting the
+// finding aggregator stops cross-Region aggregation. This operation produces no output.
+func ExampleSecurityHub_DeleteFindingAggregator_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeleteFindingAggregatorInput{
+ FindingAggregatorArn: aws.String("arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ }
+
+ result, err := svc.DeleteFindingAggregator(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To delete a custom insight
+// The following example deletes a custom insight in Security Hub.
+func ExampleSecurityHub_DeleteInsight_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeleteInsightInput{
+ InsightArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ }
+
+ result, err := svc.DeleteInsight(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To delete a custom insight
+// The following example deletes an invitation sent by the Security Hub administrator
+// account to a prospective member account. This operation is used only for invitations
+// sent to accounts that aren't part of an organization. Organization accounts don't
+// receive invitations.
+func ExampleSecurityHub_DeleteInvitations_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeleteInvitationsInput{
+ AccountIds: []*string{
+ aws.String("123456789012"),
+ },
+ }
+
+ result, err := svc.DeleteInvitations(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To delete a member account
+// The following example deletes the specified member account from Security Hub. This
+// operation can be used to delete member accounts that are part of an organization
+// or that were invited manually.
+func ExampleSecurityHub_DeleteMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DeleteMembersInput{
+ AccountIds: []*string{
+ aws.String("123456789111"),
+ aws.String("123456789222"),
+ },
+ }
+
+ result, err := svc.DeleteMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To return custom action targets
+// The following example returns a list of custom action targets. You use custom actions
+// on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch
+// Events.
+func ExampleSecurityHub_DescribeActionTargets_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeActionTargetsInput{
+ ActionTargetArns: []*string{
+ aws.String("arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"),
+ },
+ }
+
+ result, err := svc.DescribeActionTargets(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To return details about Hub resource
+// The following example returns details about the Hub resource in the calling account.
+// The Hub resource represents the implementation of the AWS Security Hub service in
+// the calling account.
+func ExampleSecurityHub_DescribeHub_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeHubInput{
+ HubArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:hub/default"),
+ }
+
+ result, err := svc.DescribeHub(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get information about Organizations configuration
+// The following example returns details about the way in which AWS Organizations is
+// configured for a Security Hub account that belongs to an organization. Only a Security
+// Hub administrator account can call this operation.
+func ExampleSecurityHub_DescribeOrganizationConfiguration_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeOrganizationConfigurationInput{}
+
+ result, err := svc.DescribeOrganizationConfiguration(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get information about Security Hub integrations
+// The following example returns details about AWS services and third-party products
+// that Security Hub integrates with.
+func ExampleSecurityHub_DescribeProducts_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeProductsInput{
+ MaxResults: aws.Int64(1),
+ NextToken: aws.String("NULL"),
+ ProductArn: aws.String("arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"),
+ }
+
+ result, err := svc.DescribeProducts(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get available Security Hub standards
+// The following example returns a list of available security standards in Security
+// Hub.
+func ExampleSecurityHub_DescribeStandards_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeStandardsInput{}
+
+ result, err := svc.DescribeStandards(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get a list of controls for a security standard
+// The following example returns a list of security controls and control details that
+// apply to a specified security standard. The list includes controls that are enabled
+// and disabled in the standard.
+func ExampleSecurityHub_DescribeStandardsControls_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DescribeStandardsControlsInput{
+ MaxResults: aws.Int64(2),
+ NextToken: aws.String("NULL"),
+ StandardsSubscriptionArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"),
+ }
+
+ result, err := svc.DescribeStandardsControls(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To end a Security Hub integration
+// The following example ends an integration between Security Hub and the specified
+// product that sends findings to Security Hub. After the integration ends, the product
+// no longer sends findings to Security Hub.
+func ExampleSecurityHub_DisableImportFindingsForProduct_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DisableImportFindingsForProductInput{
+ ProductSubscriptionArn: aws.String("arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"),
+ }
+
+ result, err := svc.DisableImportFindingsForProduct(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To remove a Security Hub administrator account
+// The following example removes the Security Hub administrator account in the Region
+// from which the operation was executed. This operation doesn't remove the delegated
+// administrator account in AWS Organizations.
+func ExampleSecurityHub_DisableOrganizationAdminAccount_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DisableOrganizationAdminAccountInput{
+ AdminAccountId: aws.String("123456789012"),
+ }
+
+ result, err := svc.DisableOrganizationAdminAccount(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To deactivate Security Hub
+// The following example deactivates Security Hub for the current account and Region.
+func ExampleSecurityHub_DisableSecurityHub_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DisableSecurityHubInput{}
+
+ result, err := svc.DisableSecurityHub(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To disassociate requesting account from administrator account
+// The following example dissociates the requesting account from its associated administrator
+// account.
+func ExampleSecurityHub_DisassociateFromAdministratorAccount_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DisassociateFromAdministratorAccountInput{}
+
+ result, err := svc.DisassociateFromAdministratorAccount(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To disassociate member accounts from administrator account
+// The following example dissociates the specified member accounts from the associated
+// administrator account.
+func ExampleSecurityHub_DisassociateMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.DisassociateMembersInput{
+ AccountIds: []*string{
+ aws.String("123456789012"),
+ aws.String("111122223333"),
+ },
+ }
+
+ result, err := svc.DisassociateMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To activate an integration
+// The following example activates an integration between Security Hub and a third party
+// partner product that sends findings to Security Hub.
+func ExampleSecurityHub_EnableImportFindingsForProduct_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.EnableImportFindingsForProductInput{
+ ProductArn: aws.String("arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon"),
+ }
+
+ result, err := svc.EnableImportFindingsForProduct(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceConflictException:
+ fmt.Println(securityhub.ErrCodeResourceConflictException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To designate a Security Hub administrator
+// The following example designates the specified account as the Security Hub administrator
+// account. The requesting account must be the organization management account.
+func ExampleSecurityHub_EnableOrganizationAdminAccount_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.EnableOrganizationAdminAccountInput{
+ AdminAccountId: aws.String("123456789012"),
+ }
+
+ result, err := svc.EnableOrganizationAdminAccount(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To activate Security Hub
+// The following example activates the Security Hub service in the requesting AWS account.
+// The service is activated in the current AWS Region or the Region that you specify
+// in the request. Some standards are automatically turned on in your account unless
+// you opt out. To determine which standards are automatically turned on, see the Security
+// Hub documentation.
+func ExampleSecurityHub_EnableSecurityHub_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.EnableSecurityHubInput{
+ EnableDefaultStandards: aws.Bool(true),
+ Tags: map[string]*string{
+ "Department": aws.String("Security"),
+ },
+ }
+
+ result, err := svc.EnableSecurityHub(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceConflictException:
+ fmt.Println(securityhub.ErrCodeResourceConflictException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get details about the Security Hub administrator account
+// The following example provides details about the Security Hub administrator account
+// for the requesting member account.
+func ExampleSecurityHub_GetAdministratorAccount_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetAdministratorAccountInput{}
+
+ result, err := svc.GetAdministratorAccount(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To return a list of enabled standards
+// The following example returns a list of Security Hub standards that are currently
+// enabled in your account.
+func ExampleSecurityHub_GetEnabledStandards_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetEnabledStandardsInput{
+ StandardsSubscriptionArns: []*string{
+ aws.String("arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"),
+ },
+ }
+
+ result, err := svc.GetEnabledStandards(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get cross-Region aggregation details
+// The following example returns cross-Region aggregation details for the requesting
+// account.
+func ExampleSecurityHub_GetFindingAggregator_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetFindingAggregatorInput{
+ FindingAggregatorArn: aws.String("arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ }
+
+ result, err := svc.GetFindingAggregator(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get a list of findings
+// The following example returns a filtered and sorted list of Security Hub findings.
+func ExampleSecurityHub_GetFindings_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetFindingsInput{
+ Filters: &securityhub.AwsSecurityFindingFilters{
+ AwsAccountId: []*securityhub.StringFilter{
+ {
+ Comparison: aws.String("PREFIX"),
+ Value: aws.String("123456789012"),
+ },
+ },
+ },
+ MaxResults: aws.Int64(1),
+ }
+
+ result, err := svc.GetFindings(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get the results of a Security Hub insight
+// The following example returns the results of the Security Hub insight specified by
+// the insight ARN.
+func ExampleSecurityHub_GetInsightResults_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetInsightResultsInput{
+ InsightArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ }
+
+ result, err := svc.GetInsightResults(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get details of a Security Hub insight
+// The following example returns details of the Security Hub insight with the specified
+// ARN.
+func ExampleSecurityHub_GetInsights_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetInsightsInput{
+ InsightArns: []*string{
+ aws.String("arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ },
+ }
+
+ result, err := svc.GetInsights(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get a count of membership invitations
+// The following example returns a count of invitations that the Security Hub administrator
+// sent to the current member account, not including the currently accepted invitation.
+func ExampleSecurityHub_GetInvitationsCount_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetInvitationsCountInput{}
+
+ result, err := svc.GetInvitationsCount(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get member account details
+// The following example returns details for the Security Hub member accounts with the
+// specified AWS account IDs. An administrator account may be the delegated Security
+// Hub administrator account for an organization or an administrator account that enabled
+// Security Hub manually. The Security Hub administrator must call this operation.
+func ExampleSecurityHub_GetMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.GetMembersInput{
+ AccountIds: []*string{
+ aws.String("444455556666"),
+ aws.String("777788889999"),
+ },
+ }
+
+ result, err := svc.GetMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To invite accounts to become members
+// The following example invites the specified AWS accounts to become member accounts
+// associated with the calling Security Hub administrator account. You only use this
+// operation to invite accounts that don't belong to an AWS Organizations organization.
+func ExampleSecurityHub_InviteMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.InviteMembersInput{
+ AccountIds: []*string{
+ aws.String("111122223333"),
+ aws.String("444455556666"),
+ },
+ }
+
+ result, err := svc.InviteMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To list ARNs for enabled integrations
+// The following example returns a list of subscription Amazon Resource Names (ARNs)
+// for the product integrations that you have currently enabled in Security Hub.
+func ExampleSecurityHub_ListEnabledProductsForImport_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListEnabledProductsForImportInput{}
+
+ result, err := svc.ListEnabledProductsForImport(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update the enablement status of a standard control
+// The following example disables the specified control in the specified security standard.
+func ExampleSecurityHub_ListFindingAggregators_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListFindingAggregatorsInput{}
+
+ result, err := svc.ListFindingAggregators(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To list membership invitations to calling account
+// The following example returns a list of Security Hub member invitations sent to the
+// calling AWS account. Only accounts that are invited manually use this operation.
+// It's not for use by accounts that are managed through AWS Organizations.
+func ExampleSecurityHub_ListInvitations_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListInvitationsInput{}
+
+ result, err := svc.ListInvitations(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To list member account details
+// The following example returns details about member accounts for the calling Security
+// Hub administrator account. The response includes member accounts that are managed
+// through AWS Organizations and those that were invited manually.
+func ExampleSecurityHub_ListMembers_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListMembersInput{}
+
+ result, err := svc.ListMembers(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To list administrator acccounts for an organization
+// The following example lists the Security Hub administrator accounts for an organization.
+// Only the organization management account can call this operation.
+func ExampleSecurityHub_ListOrganizationAdminAccounts_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListOrganizationAdminAccountsInput{}
+
+ result, err := svc.ListOrganizationAdminAccounts(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To list security controls that apply to a standard
+// The following example lists security controls that apply to a specified Security
+// Hub standard.
+func ExampleSecurityHub_ListSecurityControlDefinitions_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListSecurityControlDefinitionsInput{
+ MaxResults: aws.Int64(3),
+ NextToken: aws.String("NULL"),
+ StandardsArn: aws.String("arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0"),
+ }
+
+ result, err := svc.ListSecurityControlDefinitions(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To say whether standard
+// The following example specifies whether a control is currently enabled or disabled
+// in each enabled standard in the calling account. The response also provides other
+// details about the control.
+func ExampleSecurityHub_ListStandardsControlAssociations_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListStandardsControlAssociationsInput{
+ SecurityControlId: aws.String("S3.1"),
+ }
+
+ result, err := svc.ListStandardsControlAssociations(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To get a list of tags for a resource
+// The following example returns a list of tags associated with the specified resource.
+func ExampleSecurityHub_ListTagsForResource_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.ListTagsForResourceInput{
+ ResourceArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:hub/default"),
+ }
+
+ result, err := svc.ListTagsForResource(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To tag a resource
+// The following example adds the 'Department' and 'Area' tags to the specified resource.
+func ExampleSecurityHub_TagResource_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.TagResourceInput{
+ ResourceArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:hub/default"),
+ Tags: map[string]*string{
+ "Area": aws.String("USMidwest"),
+ "Department": aws.String("Operations"),
+ },
+ }
+
+ result, err := svc.TagResource(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To remove tags from a resource
+// The following example removes the 'Department' tag from the specified resource.
+func ExampleSecurityHub_UntagResource_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UntagResourceInput{
+ ResourceArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:hub/default"),
+ TagKeys: []*string{
+ aws.String("Department"),
+ },
+ }
+
+ result, err := svc.UntagResource(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update the name and description of a custom action target
+// The following example updates the name and description of a custom action target
+// in Security Hub. You can create custom actions to automatically respond to Security
+// Hub findings using Amazon EventBridge.
+func ExampleSecurityHub_UpdateActionTarget_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateActionTargetInput{
+ ActionTargetArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation"),
+ Description: aws.String("Sends specified findings to customer service chat"),
+ Name: aws.String("Chat custom action"),
+ }
+
+ result, err := svc.UpdateActionTarget(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update cross-Region aggregation settings
+// The following example updates the cross-Region aggregation configuration. You use
+// this operation to change the list of linked Regions and the treatment of new Regions.
+// However, you cannot use this operation to change the aggregation Region.
+func ExampleSecurityHub_UpdateFindingAggregator_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateFindingAggregatorInput{
+ FindingAggregatorArn: aws.String("arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ RegionLinkingMode: aws.String("SPECIFIED_REGIONS"),
+ Regions: []*string{
+ aws.String("us-west-1"),
+ aws.String("us-west-2"),
+ },
+ }
+
+ result, err := svc.UpdateFindingAggregator(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeAccessDeniedException:
+ fmt.Println(securityhub.ErrCodeAccessDeniedException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update an insight
+// The following example updates the specified Security Hub insight.
+func ExampleSecurityHub_UpdateInsight_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateInsightInput{
+ Filters: &securityhub.AwsSecurityFindingFilters{
+ ResourceType: []*securityhub.StringFilter{
+ {
+ Comparison: aws.String("EQUALS"),
+ Value: aws.String("AwsIamRole"),
+ },
+ },
+ SeverityLabel: []*securityhub.StringFilter{
+ {
+ Comparison: aws.String("EQUALS"),
+ Value: aws.String("HIGH"),
+ },
+ },
+ },
+ InsightArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+ Name: aws.String("High severity role findings"),
+ }
+
+ result, err := svc.UpdateInsight(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update organization configuration
+// The following example updates the configuration for an organization so that Security
+// Hub is automatically activated for new member accounts. Only the Security Hub administrator
+// account can call this operation.
+func ExampleSecurityHub_UpdateOrganizationConfiguration_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateOrganizationConfigurationInput{
+ AutoEnable: aws.Bool(true),
+ }
+
+ result, err := svc.UpdateOrganizationConfiguration(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update Security Hub settings
+// The following example updates Security Hub settings to turn on consolidated control
+// findings, and to automatically enable new controls in enabled standards.
+func ExampleSecurityHub_UpdateSecurityHubConfiguration_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateSecurityHubConfigurationInput{
+ AutoEnableControls: aws.Bool(true),
+ ControlFindingGenerator: aws.String("SECURITY_CONTROL"),
+ }
+
+ result, err := svc.UpdateSecurityHubConfiguration(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeLimitExceededException:
+ fmt.Println(securityhub.ErrCodeLimitExceededException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}
+
+// To update the enablement status of a standard control
+// The following example disables the specified control in the specified security standard.
+func ExampleSecurityHub_UpdateStandardsControl_shared00() {
+ svc := securityhub.New(session.New())
+ input := &securityhub.UpdateStandardsControlInput{
+ ControlStatus: aws.String("DISABLED"),
+ DisabledReason: aws.String("Not applicable to my service"),
+ StandardsControlArn: aws.String("arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1"),
+ }
+
+ result, err := svc.UpdateStandardsControl(input)
+ if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case securityhub.ErrCodeInternalException:
+ fmt.Println(securityhub.ErrCodeInternalException, aerr.Error())
+ case securityhub.ErrCodeInvalidInputException:
+ fmt.Println(securityhub.ErrCodeInvalidInputException, aerr.Error())
+ case securityhub.ErrCodeInvalidAccessException:
+ fmt.Println(securityhub.ErrCodeInvalidAccessException, aerr.Error())
+ case securityhub.ErrCodeResourceNotFoundException:
+ fmt.Println(securityhub.ErrCodeResourceNotFoundException, aerr.Error())
+ default:
+ fmt.Println(aerr.Error())
+ }
+ } else {
+ // Print the error, cast err to awserr.Error to get the Code and
+ // Message from an error.
+ fmt.Println(err.Error())
+ }
+ return
+ }
+
+ fmt.Println(result)
+}