Creates a media capture pipeline.
" + }, "CreateMeeting": { "name": "CreateMeeting", "http": { @@ -1862,6 +1900,41 @@ ], "documentation": "Deletes the events configuration that allows a bot to receive outgoing events.
" }, + "DeleteMediaCapturePipeline": { + "name": "DeleteMediaCapturePipeline", + "http": { + "method": "DELETE", + "requestUri": "/media-capture-pipelines/{mediaPipelineId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteMediaCapturePipelineRequest" + }, + "errors": [ + { + "shape": "ForbiddenException" + }, + { + "shape": "NotFoundException" + }, + { + "shape": "BadRequestException" + }, + { + "shape": "ThrottledClientException" + }, + { + "shape": "UnauthorizedClientException" + }, + { + "shape": "ServiceUnavailableException" + }, + { + "shape": "ServiceFailureException" + } + ], + "documentation": "Deletes the media capture pipeline.
" + }, "DeleteMeeting": { "name": "DeleteMeeting", "http": { @@ -3242,6 +3315,44 @@ ], "documentation": "Retrieves global settings for the administrator's AWS account, such as Amazon Chime Business Calling and Amazon Chime Voice Connector settings.
" }, + "GetMediaCapturePipeline": { + "name": "GetMediaCapturePipeline", + "http": { + "method": "GET", + "requestUri": "/media-capture-pipelines/{mediaPipelineId}", + "responseCode": 200 + }, + "input": { + "shape": "GetMediaCapturePipelineRequest" + }, + "output": { + "shape": "GetMediaCapturePipelineResponse" + }, + "errors": [ + { + "shape": "NotFoundException" + }, + { + "shape": "ForbiddenException" + }, + { + "shape": "BadRequestException" + }, + { + "shape": "UnauthorizedClientException" + }, + { + "shape": "ThrottledClientException" + }, + { + "shape": "ServiceUnavailableException" + }, + { + "shape": "ServiceFailureException" + } + ], + "documentation": "Gets an existing media capture pipeline.
" + }, "GetMeeting": { "name": "GetMeeting", "http": { @@ -4636,6 +4747,41 @@ "hostPrefix": "messaging-" } }, + "ListMediaCapturePipelines": { + "name": "ListMediaCapturePipelines", + "http": { + "method": "GET", + "requestUri": "/media-capture-pipelines", + "responseCode": 200 + }, + "input": { + "shape": "ListMediaCapturePipelinesRequest" + }, + "output": { + "shape": "ListMediaCapturePipelinesResponse" + }, + "errors": [ + { + "shape": "BadRequestException" + }, + { + "shape": "ForbiddenException" + }, + { + "shape": "ThrottledClientException" + }, + { + "shape": "UnauthorizedClientException" + }, + { + "shape": "ServiceUnavailableException" + }, + { + "shape": "ServiceFailureException" + } + ], + "documentation": "Returns a list of media capture pipelines.
" + }, "ListMeetingTags": { "name": "ListMeetingTags", "http": { @@ -8704,6 +8850,47 @@ } } }, + "CreateMediaCapturePipelineRequest": { + "type": "structure", + "required": [ + "SourceType", + "SourceArn", + "SinkType", + "SinkArn" + ], + "members": { + "SourceType": { + "shape": "MediaPipelineSourceType", + "documentation": "Source type from which the media artifacts will be captured. A Chime SDK Meeting is the only supported source.
" + }, + "SourceArn": { + "shape": "Arn", + "documentation": "ARN of the source from which the media artifacts are captured.
" + }, + "SinkType": { + "shape": "MediaPipelineSinkType", + "documentation": "Destination type to which the media artifacts are saved. You must use an S3 bucket.
" + }, + "SinkArn": { + "shape": "Arn", + "documentation": "The ARN of the sink type.
" + }, + "ClientRequestToken": { + "shape": "ClientRequestToken", + "documentation": "The token assigned to the client making the pipeline request.
", + "idempotencyToken": true + } + } + }, + "CreateMediaCapturePipelineResponse": { + "type": "structure", + "members": { + "MediaCapturePipeline": { + "shape": "MediaCapturePipeline", + "documentation": "A media capture pipeline object, the ID, source type, source ARN, sink type, and sink ARN of a media capture pipeline object.
" + } + } + }, "CreateMeetingDialOutRequest": { "type": "structure", "required": [ @@ -9491,6 +9678,20 @@ } } }, + "DeleteMediaCapturePipelineRequest": { + "type": "structure", + "required": [ + "MediaPipelineId" + ], + "members": { + "MediaPipelineId": { + "shape": "GuidString", + "documentation": "The ID of the media capture pipeline being deleted.
", + "location": "uri", + "locationName": "mediaPipelineId" + } + } + }, "DeleteMeetingRequest": { "type": "structure", "required": [ @@ -10473,6 +10674,29 @@ } } }, + "GetMediaCapturePipelineRequest": { + "type": "structure", + "required": [ + "MediaPipelineId" + ], + "members": { + "MediaPipelineId": { + "shape": "GuidString", + "documentation": "The ID of the pipeline that you want to get.
", + "location": "uri", + "locationName": "mediaPipelineId" + } + } + }, + "GetMediaCapturePipelineResponse": { + "type": "structure", + "members": { + "MediaCapturePipeline": { + "shape": "MediaCapturePipeline", + "documentation": "The media capture pipeline object.
" + } + } + }, "GetMeetingRequest": { "type": "structure", "required": [ @@ -11727,6 +11951,36 @@ } } }, + "ListMediaCapturePipelinesRequest": { + "type": "structure", + "members": { + "NextToken": { + "shape": "String", + "documentation": "The token used to retrieve the next page of results.
", + "location": "querystring", + "locationName": "next-token" + }, + "MaxResults": { + "shape": "ResultMax", + "documentation": "The maximum number of results to return in a single call. Valid Range: 1 - 99.
", + "location": "querystring", + "locationName": "max-results" + } + } + }, + "ListMediaCapturePipelinesResponse": { + "type": "structure", + "members": { + "MediaCapturePipelines": { + "shape": "MediaCapturePipelineList", + "documentation": "The media capture pipeline objects in the list.
" + }, + "NextToken": { + "shape": "String", + "documentation": "The token used to retrieve the next page of results.
" + } + } + }, "ListMeetingTagsRequest": { "type": "structure", "required": [ @@ -12286,6 +12540,72 @@ "max": 50, "min": 1 }, + "MediaCapturePipeline": { + "type": "structure", + "members": { + "MediaPipelineId": { + "shape": "GuidString", + "documentation": "The ID of a media capture pipeline.
" + }, + "SourceType": { + "shape": "MediaPipelineSourceType", + "documentation": "Source type from which media artifacts are saved. You must use ChimeMeeting.
ARN of the source from which the media artifacts will be saved.
" + }, + "Status": { + "shape": "MediaPipelineStatus", + "documentation": "The status of the media capture pipeline.
" + }, + "SinkType": { + "shape": "MediaPipelineSinkType", + "documentation": "Destination type to which the media artifacts are saved. You must use an S3 Bucket.
" + }, + "SinkArn": { + "shape": "Arn", + "documentation": "ARN of the destination to which the media artifacts are saved.
" + }, + "CreatedTimestamp": { + "shape": "Iso8601Timestamp", + "documentation": "The time at which the capture pipeline was created, in ISO 8601 format.
" + }, + "UpdatedTimestamp": { + "shape": "Iso8601Timestamp", + "documentation": "The time at which the capture pipeline was updated, in ISO 8601 format.
" + } + }, + "documentation": "A media capture pipeline object. A string consisting of an ID, source type, a source ARN, a sink type, and a sink ARN.
" + }, + "MediaCapturePipelineList": { + "type": "list", + "member": { + "shape": "MediaCapturePipeline" + } + }, + "MediaPipelineSinkType": { + "type": "string", + "enum": [ + "S3Bucket" + ] + }, + "MediaPipelineSourceType": { + "type": "string", + "enum": [ + "ChimeSdkMeeting" + ] + }, + "MediaPipelineStatus": { + "type": "string", + "enum": [ + "Initializing", + "InProgress", + "Failed", + "Stopping", + "Stopped" + ] + }, "MediaPlacement": { "type": "structure", "members": { diff --git a/apis/chime-2018-05-01.paginators.json b/apis/chime-2018-05-01.paginators.json index 8021a1e884..0f87c882ba 100644 --- a/apis/chime-2018-05-01.paginators.json +++ b/apis/chime-2018-05-01.paginators.json @@ -65,6 +65,11 @@ "output_token": "NextToken", "limit_key": "MaxResults" }, + "ListMediaCapturePipelines": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, "ListMeetings": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/apis/cloudfront-2020-05-31.min.json b/apis/cloudfront-2020-05-31.min.json index 42fc2991a3..cbd53e87f2 100644 --- a/apis/cloudfront-2020-05-31.min.json +++ b/apis/cloudfront-2020-05-31.min.json @@ -12,6 +12,30 @@ "uid": "cloudfront-2020-05-31" }, "operations": { + "AssociateAlias": { + "http": { + "method": "PUT", + "requestUri": "/2020-05-31/distribution/{TargetDistributionId}/associate-alias", + "responseCode": 200 + }, + "input": { + "type": "structure", + "required": [ + "TargetDistributionId", + "Alias" + ], + "members": { + "TargetDistributionId": { + "location": "uri", + "locationName": "TargetDistributionId" + }, + "Alias": { + "location": "querystring", + "locationName": "Alias" + } + } + } + }, "CreateCachePolicy": { "http": { "requestUri": "/2020-05-31/cache-policy", @@ -24,7 +48,7 @@ ], "members": { "CachePolicyConfig": { - "shape": "S2", + "shape": "S4", "locationName": "CachePolicyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -37,7 +61,7 @@ "type": "structure", "members": { "CachePolicy": { - "shape": "Sl" + "shape": "Sm" }, "Location": { "location": "header", @@ -63,7 +87,7 @@ ], "members": { "CloudFrontOriginAccessIdentityConfig": { - "shape": "So", + "shape": "Sp", "locationName": "CloudFrontOriginAccessIdentityConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -76,7 +100,7 @@ "type": "structure", "members": { "CloudFrontOriginAccessIdentity": { - "shape": "Sq" + "shape": "Sr" }, "Location": { "location": "header", @@ -102,7 +126,7 @@ ], "members": { "DistributionConfig": { - "shape": "Ss", + "shape": "St", "locationName": "DistributionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -115,7 +139,7 @@ "type": "structure", "members": { "Distribution": { - "shape": "S2p" + "shape": "S2q" }, "Location": { "location": "header", @@ -152,10 +176,10 @@ ], "members": { "DistributionConfig": { - "shape": "Ss" + "shape": "St" }, "Tags": { - "shape": "S33" + "shape": "S34" } } } @@ -166,7 +190,7 @@ "type": "structure", "members": { "Distribution": { - "shape": "S2p" + "shape": "S2q" }, "Location": { "location": "header", @@ -192,7 +216,7 @@ ], "members": { "FieldLevelEncryptionConfig": { - "shape": "S3a", + "shape": "S3b", "locationName": "FieldLevelEncryptionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -205,7 +229,7 @@ "type": "structure", "members": { "FieldLevelEncryption": { - "shape": "S3l" + "shape": "S3m" }, "Location": { "location": "header", @@ -231,7 +255,7 @@ ], "members": { "FieldLevelEncryptionProfileConfig": { - "shape": "S3n", + "shape": "S3o", "locationName": "FieldLevelEncryptionProfileConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -244,7 +268,7 @@ "type": "structure", "members": { "FieldLevelEncryptionProfile": { - "shape": "S3u" + "shape": "S3v" }, "Location": { "location": "header", @@ -277,10 +301,10 @@ "members": { "Name": {}, "FunctionConfig": { - "shape": "S3x" + "shape": "S3y" }, "FunctionCode": { - "shape": "S3z" + "shape": "S40" } } }, @@ -288,7 +312,7 @@ "type": "structure", "members": { "FunctionSummary": { - "shape": "S41" + "shape": "S42" }, "Location": { "location": "header", @@ -319,7 +343,7 @@ "locationName": "DistributionId" }, "InvalidationBatch": { - "shape": "S45", + "shape": "S46", "locationName": "InvalidationBatch", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -336,7 +360,7 @@ "locationName": "Location" }, "Invalidation": { - "shape": "S49" + "shape": "S4a" } }, "payload": "Invalidation" @@ -354,7 +378,7 @@ ], "members": { "KeyGroupConfig": { - "shape": "S4b", + "shape": "S4c", "locationName": "KeyGroupConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -367,7 +391,7 @@ "type": "structure", "members": { "KeyGroup": { - "shape": "S4e" + "shape": "S4f" }, "Location": { "location": "header", @@ -397,7 +421,7 @@ "locationName": "DistributionId" }, "MonitoringSubscription": { - "shape": "S4g", + "shape": "S4h", "locationName": "MonitoringSubscription", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -410,7 +434,7 @@ "type": "structure", "members": { "MonitoringSubscription": { - "shape": "S4g" + "shape": "S4h" } }, "payload": "MonitoringSubscription" @@ -428,7 +452,7 @@ ], "members": { "OriginRequestPolicyConfig": { - "shape": "S4l", + "shape": "S4m", "locationName": "OriginRequestPolicyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -441,7 +465,7 @@ "type": "structure", "members": { "OriginRequestPolicy": { - "shape": "S4t" + "shape": "S4u" }, "Location": { "location": "header", @@ -467,7 +491,7 @@ ], "members": { "PublicKeyConfig": { - "shape": "S4v", + "shape": "S4w", "locationName": "PublicKeyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -480,7 +504,7 @@ "type": "structure", "members": { "PublicKey": { - "shape": "S4x" + "shape": "S4y" }, "Location": { "location": "header", @@ -513,10 +537,10 @@ ], "members": { "EndPoints": { - "shape": "S4z" + "shape": "S50" }, "Fields": { - "shape": "S52" + "shape": "S53" }, "Name": {}, "SamplingRate": { @@ -528,7 +552,7 @@ "type": "structure", "members": { "RealtimeLogConfig": { - "shape": "S54" + "shape": "S55" } } } @@ -545,7 +569,7 @@ ], "members": { "StreamingDistributionConfig": { - "shape": "S56", + "shape": "S57", "locationName": "StreamingDistributionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -558,7 +582,7 @@ "type": "structure", "members": { "StreamingDistribution": { - "shape": "S5a" + "shape": "S5b" }, "Location": { "location": "header", @@ -595,10 +619,10 @@ ], "members": { "StreamingDistributionConfig": { - "shape": "S56" + "shape": "S57" }, "Tags": { - "shape": "S33" + "shape": "S34" } } } @@ -609,7 +633,7 @@ "type": "structure", "members": { "StreamingDistribution": { - "shape": "S5a" + "shape": "S5b" }, "Location": { "location": "header", @@ -918,7 +942,7 @@ "type": "structure", "members": { "FunctionSummary": { - "shape": "S41" + "shape": "S42" }, "ETag": { "location": "header", @@ -949,7 +973,7 @@ "type": "structure", "members": { "CachePolicy": { - "shape": "Sl" + "shape": "Sm" }, "ETag": { "location": "header", @@ -980,7 +1004,7 @@ "type": "structure", "members": { "CachePolicyConfig": { - "shape": "S2" + "shape": "S4" }, "ETag": { "location": "header", @@ -1011,7 +1035,7 @@ "type": "structure", "members": { "CloudFrontOriginAccessIdentity": { - "shape": "Sq" + "shape": "Sr" }, "ETag": { "location": "header", @@ -1042,7 +1066,7 @@ "type": "structure", "members": { "CloudFrontOriginAccessIdentityConfig": { - "shape": "So" + "shape": "Sp" }, "ETag": { "location": "header", @@ -1073,7 +1097,7 @@ "type": "structure", "members": { "Distribution": { - "shape": "S2p" + "shape": "S2q" }, "ETag": { "location": "header", @@ -1104,7 +1128,7 @@ "type": "structure", "members": { "DistributionConfig": { - "shape": "Ss" + "shape": "St" }, "ETag": { "location": "header", @@ -1135,7 +1159,7 @@ "type": "structure", "members": { "FieldLevelEncryption": { - "shape": "S3l" + "shape": "S3m" }, "ETag": { "location": "header", @@ -1166,7 +1190,7 @@ "type": "structure", "members": { "FieldLevelEncryptionConfig": { - "shape": "S3a" + "shape": "S3b" }, "ETag": { "location": "header", @@ -1197,7 +1221,7 @@ "type": "structure", "members": { "FieldLevelEncryptionProfile": { - "shape": "S3u" + "shape": "S3v" }, "ETag": { "location": "header", @@ -1228,7 +1252,7 @@ "type": "structure", "members": { "FieldLevelEncryptionProfileConfig": { - "shape": "S3n" + "shape": "S3o" }, "ETag": { "location": "header", @@ -1263,7 +1287,7 @@ "type": "structure", "members": { "FunctionCode": { - "shape": "S3z" + "shape": "S40" }, "ETag": { "location": "header", @@ -1303,7 +1327,7 @@ "type": "structure", "members": { "Invalidation": { - "shape": "S49" + "shape": "S4a" } }, "payload": "Invalidation" @@ -1330,7 +1354,7 @@ "type": "structure", "members": { "KeyGroup": { - "shape": "S4e" + "shape": "S4f" }, "ETag": { "location": "header", @@ -1361,7 +1385,7 @@ "type": "structure", "members": { "KeyGroupConfig": { - "shape": "S4b" + "shape": "S4c" }, "ETag": { "location": "header", @@ -1392,7 +1416,7 @@ "type": "structure", "members": { "MonitoringSubscription": { - "shape": "S4g" + "shape": "S4h" } }, "payload": "MonitoringSubscription" @@ -1419,7 +1443,7 @@ "type": "structure", "members": { "OriginRequestPolicy": { - "shape": "S4t" + "shape": "S4u" }, "ETag": { "location": "header", @@ -1450,7 +1474,7 @@ "type": "structure", "members": { "OriginRequestPolicyConfig": { - "shape": "S4l" + "shape": "S4m" }, "ETag": { "location": "header", @@ -1481,7 +1505,7 @@ "type": "structure", "members": { "PublicKey": { - "shape": "S4x" + "shape": "S4y" }, "ETag": { "location": "header", @@ -1512,7 +1536,7 @@ "type": "structure", "members": { "PublicKeyConfig": { - "shape": "S4v" + "shape": "S4w" }, "ETag": { "location": "header", @@ -1541,7 +1565,7 @@ "type": "structure", "members": { "RealtimeLogConfig": { - "shape": "S54" + "shape": "S55" } } } @@ -1567,7 +1591,7 @@ "type": "structure", "members": { "StreamingDistribution": { - "shape": "S5a" + "shape": "S5b" }, "ETag": { "location": "header", @@ -1598,7 +1622,7 @@ "type": "structure", "members": { "StreamingDistributionConfig": { - "shape": "S56" + "shape": "S57" }, "ETag": { "location": "header", @@ -1659,7 +1683,7 @@ "members": { "Type": {}, "CachePolicy": { - "shape": "Sl" + "shape": "Sm" } } } @@ -1734,6 +1758,69 @@ "payload": "CloudFrontOriginAccessIdentityList" } }, + "ListConflictingAliases": { + "http": { + "method": "GET", + "requestUri": "/2020-05-31/conflicting-alias", + "responseCode": 200 + }, + "input": { + "type": "structure", + "required": [ + "DistributionId", + "Alias" + ], + "members": { + "DistributionId": { + "location": "querystring", + "locationName": "DistributionId" + }, + "Alias": { + "location": "querystring", + "locationName": "Alias" + }, + "Marker": { + "location": "querystring", + "locationName": "Marker" + }, + "MaxItems": { + "location": "querystring", + "locationName": "MaxItems", + "type": "integer" + } + } + }, + "output": { + "type": "structure", + "members": { + "ConflictingAliasesList": { + "type": "structure", + "members": { + "NextMarker": {}, + "MaxItems": { + "type": "integer" + }, + "Quantity": { + "type": "integer" + }, + "Items": { + "type": "list", + "member": { + "locationName": "ConflictingAlias", + "type": "structure", + "members": { + "Alias": {}, + "DistributionId": {}, + "AccountId": {} + } + } + } + } + } + }, + "payload": "ConflictingAliasesList" + } + }, "ListDistributions": { "http": { "method": "GET", @@ -1756,7 +1843,7 @@ "type": "structure", "members": { "DistributionList": { - "shape": "S7e" + "shape": "S7n" } }, "payload": "DistributionList" @@ -1791,7 +1878,7 @@ "type": "structure", "members": { "DistributionIdList": { - "shape": "S7j" + "shape": "S7s" } }, "payload": "DistributionIdList" @@ -1826,7 +1913,7 @@ "type": "structure", "members": { "DistributionIdList": { - "shape": "S7j" + "shape": "S7s" } }, "payload": "DistributionIdList" @@ -1861,7 +1948,7 @@ "type": "structure", "members": { "DistributionIdList": { - "shape": "S7j" + "shape": "S7s" } }, "payload": "DistributionIdList" @@ -1888,7 +1975,7 @@ "type": "structure", "members": { "DistributionList": { - "shape": "S7e" + "shape": "S7n" } }, "payload": "DistributionList" @@ -1923,7 +2010,7 @@ "type": "structure", "members": { "DistributionList": { - "shape": "S7e" + "shape": "S7n" } }, "payload": "DistributionList" @@ -1980,10 +2067,10 @@ }, "Comment": {}, "QueryArgProfileConfig": { - "shape": "S3b" + "shape": "S3c" }, "ContentTypeProfileConfig": { - "shape": "S3f" + "shape": "S3g" } } } @@ -2047,7 +2134,7 @@ }, "Name": {}, "EncryptionEntities": { - "shape": "S3o" + "shape": "S3p" }, "Comment": {} } @@ -2101,7 +2188,7 @@ "Items": { "type": "list", "member": { - "shape": "S41", + "shape": "S42", "locationName": "FunctionSummary" } } @@ -2229,7 +2316,7 @@ ], "members": { "KeyGroup": { - "shape": "S4e" + "shape": "S4f" } } } @@ -2291,7 +2378,7 @@ "members": { "Type": {}, "OriginRequestPolicy": { - "shape": "S4t" + "shape": "S4u" } } } @@ -2400,7 +2487,7 @@ "Items": { "type": "list", "member": { - "shape": "S54" + "shape": "S55" } }, "IsTruncated": { @@ -2482,13 +2569,13 @@ }, "DomainName": {}, "S3Origin": { - "shape": "S57" + "shape": "S58" }, "Aliases": { - "shape": "St" + "shape": "Su" }, "TrustedSigners": { - "shape": "S1j" + "shape": "S1k" }, "Comment": {}, "PriceClass": {}, @@ -2528,7 +2615,7 @@ ], "members": { "Tags": { - "shape": "S33" + "shape": "S34" } }, "payload": "Tags" @@ -2559,7 +2646,7 @@ "type": "structure", "members": { "FunctionSummary": { - "shape": "S41" + "shape": "S42" } }, "payload": "FunctionSummary" @@ -2582,7 +2669,7 @@ "locationName": "Resource" }, "Tags": { - "shape": "S33", + "shape": "S34", "locationName": "Tags", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2630,7 +2717,7 @@ "type": "structure", "members": { "FunctionSummary": { - "shape": "S41" + "shape": "S42" }, "ComputeUtilization": {}, "FunctionExecutionLogs": { @@ -2693,7 +2780,7 @@ ], "members": { "CachePolicyConfig": { - "shape": "S2", + "shape": "S4", "locationName": "CachePolicyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2714,7 +2801,7 @@ "type": "structure", "members": { "CachePolicy": { - "shape": "Sl" + "shape": "Sm" }, "ETag": { "location": "header", @@ -2737,7 +2824,7 @@ ], "members": { "CloudFrontOriginAccessIdentityConfig": { - "shape": "So", + "shape": "Sp", "locationName": "CloudFrontOriginAccessIdentityConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2758,7 +2845,7 @@ "type": "structure", "members": { "CloudFrontOriginAccessIdentity": { - "shape": "Sq" + "shape": "Sr" }, "ETag": { "location": "header", @@ -2781,7 +2868,7 @@ ], "members": { "DistributionConfig": { - "shape": "Ss", + "shape": "St", "locationName": "DistributionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2802,7 +2889,7 @@ "type": "structure", "members": { "Distribution": { - "shape": "S2p" + "shape": "S2q" }, "ETag": { "location": "header", @@ -2825,7 +2912,7 @@ ], "members": { "FieldLevelEncryptionConfig": { - "shape": "S3a", + "shape": "S3b", "locationName": "FieldLevelEncryptionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2846,7 +2933,7 @@ "type": "structure", "members": { "FieldLevelEncryption": { - "shape": "S3l" + "shape": "S3m" }, "ETag": { "location": "header", @@ -2869,7 +2956,7 @@ ], "members": { "FieldLevelEncryptionProfileConfig": { - "shape": "S3n", + "shape": "S3o", "locationName": "FieldLevelEncryptionProfileConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2890,7 +2977,7 @@ "type": "structure", "members": { "FieldLevelEncryptionProfile": { - "shape": "S3u" + "shape": "S3v" }, "ETag": { "location": "header", @@ -2927,10 +3014,10 @@ "locationName": "If-Match" }, "FunctionConfig": { - "shape": "S3x" + "shape": "S3y" }, "FunctionCode": { - "shape": "S3z" + "shape": "S40" } } }, @@ -2938,7 +3025,7 @@ "type": "structure", "members": { "FunctionSummary": { - "shape": "S41" + "shape": "S42" }, "ETag": { "location": "header", @@ -2961,7 +3048,7 @@ ], "members": { "KeyGroupConfig": { - "shape": "S4b", + "shape": "S4c", "locationName": "KeyGroupConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -2982,7 +3069,7 @@ "type": "structure", "members": { "KeyGroup": { - "shape": "S4e" + "shape": "S4f" }, "ETag": { "location": "header", @@ -3005,7 +3092,7 @@ ], "members": { "OriginRequestPolicyConfig": { - "shape": "S4l", + "shape": "S4m", "locationName": "OriginRequestPolicyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -3026,7 +3113,7 @@ "type": "structure", "members": { "OriginRequestPolicy": { - "shape": "S4t" + "shape": "S4u" }, "ETag": { "location": "header", @@ -3049,7 +3136,7 @@ ], "members": { "PublicKeyConfig": { - "shape": "S4v", + "shape": "S4w", "locationName": "PublicKeyConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -3070,7 +3157,7 @@ "type": "structure", "members": { "PublicKey": { - "shape": "S4x" + "shape": "S4y" }, "ETag": { "location": "header", @@ -3093,10 +3180,10 @@ "type": "structure", "members": { "EndPoints": { - "shape": "S4z" + "shape": "S50" }, "Fields": { - "shape": "S52" + "shape": "S53" }, "Name": {}, "ARN": {}, @@ -3109,7 +3196,7 @@ "type": "structure", "members": { "RealtimeLogConfig": { - "shape": "S54" + "shape": "S55" } } } @@ -3127,7 +3214,7 @@ ], "members": { "StreamingDistributionConfig": { - "shape": "S56", + "shape": "S57", "locationName": "StreamingDistributionConfig", "xmlNamespace": { "uri": "http://cloudfront.amazonaws.com/doc/2020-05-31/" @@ -3148,7 +3235,7 @@ "type": "structure", "members": { "StreamingDistribution": { - "shape": "S5a" + "shape": "S5b" }, "ETag": { "location": "header", @@ -3160,7 +3247,7 @@ } }, "shapes": { - "S2": { + "S4": { "type": "structure", "required": [ "Name", @@ -3201,7 +3288,7 @@ "members": { "HeaderBehavior": {}, "Headers": { - "shape": "S9" + "shape": "Sa" } } }, @@ -3213,7 +3300,7 @@ "members": { "CookieBehavior": {}, "Cookies": { - "shape": "Se" + "shape": "Sf" } } }, @@ -3225,7 +3312,7 @@ "members": { "QueryStringBehavior": {}, "QueryStrings": { - "shape": "Si" + "shape": "Sj" } } } @@ -3233,7 +3320,7 @@ } } }, - "S9": { + "Sa": { "type": "structure", "required": [ "Quantity" @@ -3250,7 +3337,7 @@ } } }, - "Se": { + "Sf": { "type": "structure", "required": [ "Quantity" @@ -3267,7 +3354,7 @@ } } }, - "Si": { + "Sj": { "type": "structure", "required": [ "Quantity" @@ -3284,7 +3371,7 @@ } } }, - "Sl": { + "Sm": { "type": "structure", "required": [ "Id", @@ -3297,11 +3384,11 @@ "type": "timestamp" }, "CachePolicyConfig": { - "shape": "S2" + "shape": "S4" } } }, - "So": { + "Sp": { "type": "structure", "required": [ "CallerReference", @@ -3312,7 +3399,7 @@ "Comment": {} } }, - "Sq": { + "Sr": { "type": "structure", "required": [ "Id", @@ -3322,11 +3409,11 @@ "Id": {}, "S3CanonicalUserId": {}, "CloudFrontOriginAccessIdentityConfig": { - "shape": "So" + "shape": "Sp" } } }, - "Ss": { + "St": { "type": "structure", "required": [ "CallerReference", @@ -3338,23 +3425,23 @@ "members": { "CallerReference": {}, "Aliases": { - "shape": "St" + "shape": "Su" }, "DefaultRootObject": {}, "Origins": { - "shape": "Sv" + "shape": "Sw" }, "OriginGroups": { - "shape": "S19" + "shape": "S1a" }, "DefaultCacheBehavior": { - "shape": "S1i" + "shape": "S1j" }, "CacheBehaviors": { - "shape": "S26" + "shape": "S27" }, "CustomErrorResponses": { - "shape": "S29" + "shape": "S2a" }, "Comment": { "type": "string", @@ -3384,10 +3471,10 @@ "type": "boolean" }, "ViewerCertificate": { - "shape": "S2f" + "shape": "S2g" }, "Restrictions": { - "shape": "S2j" + "shape": "S2k" }, "WebACLId": {}, "HttpVersion": {}, @@ -3396,7 +3483,7 @@ } } }, - "St": { + "Su": { "type": "structure", "required": [ "Quantity" @@ -3413,7 +3500,7 @@ } } }, - "Sv": { + "Sw": { "type": "structure", "required": [ "Quantity", @@ -3535,7 +3622,7 @@ } } }, - "S19": { + "S1a": { "type": "structure", "required": [ "Quantity" @@ -3613,7 +3700,7 @@ } } }, - "S1i": { + "S1j": { "type": "structure", "required": [ "TargetOriginId", @@ -3622,14 +3709,14 @@ "members": { "TargetOriginId": {}, "TrustedSigners": { - "shape": "S1j" + "shape": "S1k" }, "TrustedKeyGroups": { - "shape": "S1l" + "shape": "S1m" }, "ViewerProtocolPolicy": {}, "AllowedMethods": { - "shape": "S1o" + "shape": "S1p" }, "SmoothStreaming": { "type": "boolean" @@ -3638,17 +3725,17 @@ "type": "boolean" }, "LambdaFunctionAssociations": { - "shape": "S1s" + "shape": "S1t" }, "FunctionAssociations": { - "shape": "S1x" + "shape": "S1y" }, "FieldLevelEncryptionId": {}, "RealtimeLogConfigArn": {}, "CachePolicyId": {}, "OriginRequestPolicyId": {}, "ForwardedValues": { - "shape": "S21", + "shape": "S22", "deprecated": true }, "MinTTL": { @@ -3665,7 +3752,7 @@ } } }, - "S1j": { + "S1k": { "type": "structure", "required": [ "Enabled", @@ -3686,7 +3773,7 @@ } } }, - "S1l": { + "S1m": { "type": "structure", "required": [ "Enabled", @@ -3707,7 +3794,7 @@ } } }, - "S1o": { + "S1p": { "type": "structure", "required": [ "Quantity", @@ -3718,7 +3805,7 @@ "type": "integer" }, "Items": { - "shape": "S1p" + "shape": "S1q" }, "CachedMethods": { "type": "structure", @@ -3731,19 +3818,19 @@ "type": "integer" }, "Items": { - "shape": "S1p" + "shape": "S1q" } } } } }, - "S1p": { + "S1q": { "type": "list", "member": { "locationName": "Method" } }, - "S1s": { + "S1t": { "type": "structure", "required": [ "Quantity" @@ -3772,7 +3859,7 @@ } } }, - "S1x": { + "S1y": { "type": "structure", "required": [ "Quantity" @@ -3798,7 +3885,7 @@ } } }, - "S21": { + "S22": { "type": "structure", "required": [ "QueryString", @@ -3816,12 +3903,12 @@ "members": { "Forward": {}, "WhitelistedNames": { - "shape": "Se" + "shape": "Sf" } } }, "Headers": { - "shape": "S9" + "shape": "Sa" }, "QueryStringCacheKeys": { "type": "structure", @@ -3842,7 +3929,7 @@ } } }, - "S26": { + "S27": { "type": "structure", "required": [ "Quantity" @@ -3865,14 +3952,14 @@ "PathPattern": {}, "TargetOriginId": {}, "TrustedSigners": { - "shape": "S1j" + "shape": "S1k" }, "TrustedKeyGroups": { - "shape": "S1l" + "shape": "S1m" }, "ViewerProtocolPolicy": {}, "AllowedMethods": { - "shape": "S1o" + "shape": "S1p" }, "SmoothStreaming": { "type": "boolean" @@ -3881,17 +3968,17 @@ "type": "boolean" }, "LambdaFunctionAssociations": { - "shape": "S1s" + "shape": "S1t" }, "FunctionAssociations": { - "shape": "S1x" + "shape": "S1y" }, "FieldLevelEncryptionId": {}, "RealtimeLogConfigArn": {}, "CachePolicyId": {}, "OriginRequestPolicyId": {}, "ForwardedValues": { - "shape": "S21", + "shape": "S22", "deprecated": true }, "MinTTL": { @@ -3911,7 +3998,7 @@ } } }, - "S29": { + "S2a": { "type": "structure", "required": [ "Quantity" @@ -3942,7 +4029,7 @@ } } }, - "S2f": { + "S2g": { "type": "structure", "members": { "CloudFrontDefaultCertificate": { @@ -3960,7 +4047,7 @@ } } }, - "S2j": { + "S2k": { "type": "structure", "required": [ "GeoRestriction" @@ -3987,7 +4074,7 @@ } } }, - "S2p": { + "S2q": { "type": "structure", "required": [ "Id", @@ -4010,7 +4097,7 @@ }, "DomainName": {}, "ActiveTrustedSigners": { - "shape": "S2q" + "shape": "S2r" }, "ActiveTrustedKeyGroups": { "type": "structure", @@ -4033,7 +4120,7 @@ "members": { "KeyGroupId": {}, "KeyPairIds": { - "shape": "S2t" + "shape": "S2u" } } } @@ -4041,14 +4128,14 @@ } }, "DistributionConfig": { - "shape": "Ss" + "shape": "St" }, "AliasICPRecordals": { - "shape": "S2y" + "shape": "S2z" } } }, - "S2q": { + "S2r": { "type": "structure", "required": [ "Enabled", @@ -4069,14 +4156,14 @@ "members": { "AwsAccountNumber": {}, "KeyPairIds": { - "shape": "S2t" + "shape": "S2u" } } } } } }, - "S2t": { + "S2u": { "type": "structure", "required": [ "Quantity" @@ -4093,7 +4180,7 @@ } } }, - "S2y": { + "S2z": { "type": "list", "member": { "locationName": "AliasICPRecordal", @@ -4104,7 +4191,7 @@ } } }, - "S33": { + "S34": { "type": "structure", "members": { "Items": { @@ -4123,7 +4210,7 @@ } } }, - "S3a": { + "S3b": { "type": "structure", "required": [ "CallerReference" @@ -4132,14 +4219,14 @@ "CallerReference": {}, "Comment": {}, "QueryArgProfileConfig": { - "shape": "S3b" + "shape": "S3c" }, "ContentTypeProfileConfig": { - "shape": "S3f" + "shape": "S3g" } } }, - "S3b": { + "S3c": { "type": "structure", "required": [ "ForwardWhenQueryArgProfileIsUnknown" @@ -4176,7 +4263,7 @@ } } }, - "S3f": { + "S3g": { "type": "structure", "required": [ "ForwardWhenContentTypeIsUnknown" @@ -4214,7 +4301,7 @@ } } }, - "S3l": { + "S3m": { "type": "structure", "required": [ "Id", @@ -4227,11 +4314,11 @@ "type": "timestamp" }, "FieldLevelEncryptionConfig": { - "shape": "S3a" + "shape": "S3b" } } }, - "S3n": { + "S3o": { "type": "structure", "required": [ "Name", @@ -4243,11 +4330,11 @@ "CallerReference": {}, "Comment": {}, "EncryptionEntities": { - "shape": "S3o" + "shape": "S3p" } } }, - "S3o": { + "S3p": { "type": "structure", "required": [ "Quantity" @@ -4291,7 +4378,7 @@ } } }, - "S3u": { + "S3v": { "type": "structure", "required": [ "Id", @@ -4304,11 +4391,11 @@ "type": "timestamp" }, "FieldLevelEncryptionProfileConfig": { - "shape": "S3n" + "shape": "S3o" } } }, - "S3x": { + "S3y": { "type": "structure", "required": [ "Comment", @@ -4319,11 +4406,11 @@ "Runtime": {} } }, - "S3z": { + "S40": { "type": "blob", "sensitive": true }, - "S41": { + "S42": { "type": "structure", "required": [ "Name", @@ -4334,7 +4421,7 @@ "Name": {}, "Status": {}, "FunctionConfig": { - "shape": "S3x" + "shape": "S3y" }, "FunctionMetadata": { "type": "structure", @@ -4355,7 +4442,7 @@ } } }, - "S45": { + "S46": { "type": "structure", "required": [ "Paths", @@ -4382,7 +4469,7 @@ "CallerReference": {} } }, - "S49": { + "S4a": { "type": "structure", "required": [ "Id", @@ -4397,11 +4484,11 @@ "type": "timestamp" }, "InvalidationBatch": { - "shape": "S45" + "shape": "S46" } } }, - "S4b": { + "S4c": { "type": "structure", "required": [ "Name", @@ -4418,7 +4505,7 @@ "Comment": {} } }, - "S4e": { + "S4f": { "type": "structure", "required": [ "Id", @@ -4431,11 +4518,11 @@ "type": "timestamp" }, "KeyGroupConfig": { - "shape": "S4b" + "shape": "S4c" } } }, - "S4g": { + "S4h": { "type": "structure", "members": { "RealtimeMetricsSubscriptionConfig": { @@ -4449,7 +4536,7 @@ } } }, - "S4l": { + "S4m": { "type": "structure", "required": [ "Name", @@ -4468,7 +4555,7 @@ "members": { "HeaderBehavior": {}, "Headers": { - "shape": "S9" + "shape": "Sa" } } }, @@ -4480,7 +4567,7 @@ "members": { "CookieBehavior": {}, "Cookies": { - "shape": "Se" + "shape": "Sf" } } }, @@ -4492,13 +4579,13 @@ "members": { "QueryStringBehavior": {}, "QueryStrings": { - "shape": "Si" + "shape": "Sj" } } } } }, - "S4t": { + "S4u": { "type": "structure", "required": [ "Id", @@ -4511,11 +4598,11 @@ "type": "timestamp" }, "OriginRequestPolicyConfig": { - "shape": "S4l" + "shape": "S4m" } } }, - "S4v": { + "S4w": { "type": "structure", "required": [ "CallerReference", @@ -4529,7 +4616,7 @@ "Comment": {} } }, - "S4x": { + "S4y": { "type": "structure", "required": [ "Id", @@ -4542,11 +4629,11 @@ "type": "timestamp" }, "PublicKeyConfig": { - "shape": "S4v" + "shape": "S4w" } } }, - "S4z": { + "S50": { "type": "list", "member": { "type": "structure", @@ -4569,13 +4656,13 @@ } } }, - "S52": { + "S53": { "type": "list", "member": { "locationName": "Field" } }, - "S54": { + "S55": { "type": "structure", "required": [ "ARN", @@ -4591,14 +4678,14 @@ "type": "long" }, "EndPoints": { - "shape": "S4z" + "shape": "S50" }, "Fields": { - "shape": "S52" + "shape": "S53" } } }, - "S56": { + "S57": { "type": "structure", "required": [ "CallerReference", @@ -4610,10 +4697,10 @@ "members": { "CallerReference": {}, "S3Origin": { - "shape": "S57" + "shape": "S58" }, "Aliases": { - "shape": "St" + "shape": "Su" }, "Comment": {}, "Logging": { @@ -4632,7 +4719,7 @@ } }, "TrustedSigners": { - "shape": "S1j" + "shape": "S1k" }, "PriceClass": {}, "Enabled": { @@ -4640,7 +4727,7 @@ } } }, - "S57": { + "S58": { "type": "structure", "required": [ "DomainName", @@ -4651,7 +4738,7 @@ "OriginAccessIdentity": {} } }, - "S5a": { + "S5b": { "type": "structure", "required": [ "Id", @@ -4670,14 +4757,14 @@ }, "DomainName": {}, "ActiveTrustedSigners": { - "shape": "S2q" + "shape": "S2r" }, "StreamingDistributionConfig": { - "shape": "S56" + "shape": "S57" } } }, - "S7e": { + "S7n": { "type": "structure", "required": [ "Marker", @@ -4731,22 +4818,22 @@ }, "DomainName": {}, "Aliases": { - "shape": "St" + "shape": "Su" }, "Origins": { - "shape": "Sv" + "shape": "Sw" }, "OriginGroups": { - "shape": "S19" + "shape": "S1a" }, "DefaultCacheBehavior": { - "shape": "S1i" + "shape": "S1j" }, "CacheBehaviors": { - "shape": "S26" + "shape": "S27" }, "CustomErrorResponses": { - "shape": "S29" + "shape": "S2a" }, "Comment": {}, "PriceClass": {}, @@ -4754,10 +4841,10 @@ "type": "boolean" }, "ViewerCertificate": { - "shape": "S2f" + "shape": "S2g" }, "Restrictions": { - "shape": "S2j" + "shape": "S2k" }, "WebACLId": {}, "HttpVersion": {}, @@ -4765,14 +4852,14 @@ "type": "boolean" }, "AliasICPRecordals": { - "shape": "S2y" + "shape": "S2z" } } } } } }, - "S7j": { + "S7s": { "type": "structure", "required": [ "Marker", diff --git a/apis/cloudfront-2020-05-31.normal.json b/apis/cloudfront-2020-05-31.normal.json index 6bec8f8fb3..61d618414c 100644 --- a/apis/cloudfront-2020-05-31.normal.json +++ b/apis/cloudfront-2020-05-31.normal.json @@ -12,6 +12,35 @@ "uid": "cloudfront-2020-05-31" }, "operations": { + "AssociateAlias": { + "name": "AssociateAlias2020_05_31", + "http": { + "method": "PUT", + "requestUri": "/2020-05-31/distribution/{TargetDistributionId}/associate-alias", + "responseCode": 200 + }, + "input": { + "shape": "AssociateAliasRequest" + }, + "errors": [ + { + "shape": "InvalidArgument" + }, + { + "shape": "NoSuchDistribution" + }, + { + "shape": "TooManyDistributionCNAMEs" + }, + { + "shape": "IllegalUpdate" + }, + { + "shape": "AccessDenied" + } + ], + "documentation": "Associates an alias (also known as a CNAME or an alternate domain name) with a CloudFront distribution.
With this operation you can move an alias that’s already in use on a CloudFront distribution to a different distribution in one step. This prevents the downtime that could occur if you first remove the alias from one distribution and then separately add the alias to another distribution.
To use this operation to associate an alias with a distribution, you provide the alias and the ID of the target distribution for the alias. For more information, including how to set up the target distribution, prerequisites that you must complete, and other restrictions, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.
" + }, "CreateCachePolicy": { "name": "CreateCachePolicy2020_05_31", "http": { @@ -575,6 +604,9 @@ }, { "shape": "InvalidArgument" + }, + { + "shape": "UnsupportedOperation" } ], "documentation": "Creates a CloudFront function.
To create a function, you provide the function code and some configuration information about the function. The response contains an Amazon Resource Name (ARN) that uniquely identifies the function.
When you create a function, it’s in the DEVELOPMENT stage. In this stage, you can test the function with TestFunction, and update it with UpdateFunction.
When you’re ready to use your function with a CloudFront distribution, use PublishFunction to copy the function from the DEVELOPMENT stage to LIVE. When it’s live, you can attach the function to a distribution’s cache behavior, using the function’s ARN.
Deletes a CloudFront function.
You cannot delete a function if it’s associated with a cache behavior. First, update your distributions to remove the function association from all cache behaviors, then delete the function.
To delete a function, you must provide the function’s name and version (ETag value). To get these values, you can use ListFunctions and DescribeFunction.
Gets configuration information and metadata about a CloudFront function, but not the function’s code. To get a function’s code, use GetFunction.
To get configuration information and metadata about a function, you must provide the function’s name and stage. To get these values, you can use ListFunctions.
Gets the code of a CloudFront function. To get configuration information and metadata about a function, use DescribeFunction.
To get a function’s code, you must provide the function’s name and stage. To get these values, you can use ListFunctions.
Gets a list of cache policies.
You can optionally apply a filter to return only the managed policies created by AWS, or only the custom policies created in your AWS account.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Gets a list of cache policies.
You can optionally apply a filter to return only the managed policies created by Amazon Web Services, or only the custom policies created in your account.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Lists origin access identities.
" }, + "ListConflictingAliases": { + "name": "ListConflictingAliases2020_05_31", + "http": { + "method": "GET", + "requestUri": "/2020-05-31/conflicting-alias", + "responseCode": 200 + }, + "input": { + "shape": "ListConflictingAliasesRequest" + }, + "output": { + "shape": "ListConflictingAliasesResult" + }, + "errors": [ + { + "shape": "InvalidArgument" + }, + { + "shape": "NoSuchDistribution" + } + ], + "documentation": "Gets a list of aliases (also called CNAMEs or alternate domain names) that conflict or overlap with the provided alias, and the associated CloudFront distributions and Amazon Web Services accounts for each conflicting alias. In the returned list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.
Use this operation to find aliases that are in use in CloudFront that conflict or overlap with the provided alias. For example, if you provide www.example.com as input, the returned list can include www.example.com and the overlapping wildcard alternate domain name (*.example.com), if they exist. If you provide *.example.com as input, the returned list can include *.example.com and any alternate domain names covered by that wildcard (for example, www.example.com, test.example.com, dev.example.com, and so on), if they exist.
To list conflicting aliases, you provide the alias to search and the ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias. For more information, including how to set up the distribution and certificate, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
List the distributions that are associated with a specified AWS WAF web ACL.
" + "documentation": "List the distributions that are associated with a specified WAF web ACL.
" }, "ListFieldLevelEncryptionConfigs": { "name": "ListFieldLevelEncryptionConfigs2020_05_31", @@ -1965,9 +2029,12 @@ "errors": [ { "shape": "InvalidArgument" + }, + { + "shape": "UnsupportedOperation" } ], - "documentation": "Gets a list of all CloudFront functions in your AWS account.
You can optionally apply a filter to return only the functions that are in the specified stage, either DEVELOPMENT or LIVE.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Gets a list of all CloudFront functions in your account.
You can optionally apply a filter to return only the functions that are in the specified stage, either DEVELOPMENT or LIVE.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Gets a list of origin request policies.
You can optionally apply a filter to return only the managed policies created by AWS, or only the custom policies created in your AWS account.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Gets a list of origin request policies.
You can optionally apply a filter to return only the managed policies created by Amazon Web Services, or only the custom policies created in your account.
You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.
Publishes a CloudFront function by copying the function code from the DEVELOPMENT stage to LIVE. This automatically updates all cache behaviors that are using this function to use the newly published copy in the LIVE stage.
When a function is published to the LIVE stage, you can attach the function to a distribution’s cache behavior, using the function’s Amazon Resource Name (ARN).
To publish a function, you must provide the function’s name and version (ETag value). To get these values, you can use ListFunctions and DescribeFunction.
Tests a CloudFront function.
To test a function, you provide an event object that represents an HTTP request or response that your CloudFront distribution could receive in production. CloudFront runs the function, passing it the event object that you provided, and returns the function’s result (the modified event object) in the response. The response also contains function logs and error messages, if any exist. For more information about testing functions, see Testing functions in the Amazon CloudFront Developer Guide.
To test a function, you provide the function’s name and version (ETag value) along with the event object. To get the function’s name and version, you can use ListFunctions and DescribeFunction.
Updates a CloudFront function.
You can update a function’s code or the comment that describes the function. You cannot update a function’s name.
To update a function, you provide the function’s name and version (ETag value) along with the updated function code. To get the name and version, you can use ListFunctions and DescribeFunction.
This field is true if any of the AWS accounts in the list have active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.
This field is true if any of the accounts in the list have active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.
The number of AWS accounts in the list.
" + "documentation": "The number of accounts in the list.
" }, "Items": { "shape": "SignerList", - "documentation": "A list of AWS accounts and the identifiers of active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" + "documentation": "A list of accounts and the identifiers of active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" } }, - "documentation": "A list of AWS accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" + "documentation": "A list of accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" }, "AliasICPRecordal": { "type": "structure", @@ -2915,7 +2991,7 @@ "documentation": "The Internet Content Provider (ICP) recordal status for a CNAME. The ICPRecordalStatus is set to APPROVED for all CNAMEs (aliases) in regions outside of China.
The status values returned are the following:
APPROVED indicates that the associated CNAME has a valid ICP recordal number. Multiple CNAMEs can be associated with a distribution, and CNAMEs can correspond to different ICP recordals. To be marked as APPROVED, that is, valid to use with China region, a CNAME must have one ICP recordal number associated with it.
SUSPENDED indicates that the associated CNAME does not have a valid ICP recordal number.
PENDING indicates that CloudFront can't determine the ICP recordal status of the CNAME associated with the distribution because there was an error in trying to determine the status. You can try again to see if the error is resolved in which case CloudFront returns an APPROVED or SUSPENDED status.
AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.
" + "documentation": "Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.
" }, "AliasICPRecordals": { "type": "list", @@ -2969,6 +3045,27 @@ }, "documentation": "A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:
CloudFront forwards only GET and HEAD requests.
CloudFront forwards only GET, HEAD, and OPTIONS requests.
CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests.
If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.
" }, + "AssociateAliasRequest": { + "type": "structure", + "required": [ + "TargetDistributionId", + "Alias" + ], + "members": { + "TargetDistributionId": { + "shape": "string", + "documentation": "The ID of the distribution that you’re associating the alias with.
", + "location": "uri", + "locationName": "TargetDistributionId" + }, + "Alias": { + "shape": "string", + "documentation": "The alias (also known as a CNAME) to add to the target distribution.
", + "location": "querystring", + "locationName": "Alias" + } + } + }, "AwsAccountNumberList": { "type": "list", "member": { @@ -2994,7 +3091,7 @@ }, "TrustedSigners": { "shape": "TrustedSigners", - "documentation": "We recommend using TrustedKeyGroups instead of TrustedSigners.
A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer’s AWS account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.
" + "documentation": "We recommend using TrustedKeyGroups instead of TrustedSigners.
A list of account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer’s account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.
" }, "TrustedKeyGroups": { "shape": "TrustedKeyGroups", @@ -3017,7 +3114,7 @@ }, "LambdaFunctionAssociations": { "shape": "LambdaFunctionAssociations", - "documentation": "A complex type that contains zero or more Lambda function associations for a cache behavior.
" + "documentation": "A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.
" }, "FunctionAssociations": { "shape": "FunctionAssociations", @@ -3252,7 +3349,7 @@ "members": { "Type": { "shape": "CachePolicyType", - "documentation": "The type of cache policy, either managed (created by AWS) or custom (created in this AWS account).
The type of cache policy, either managed (created by Amazon Web Services) or custom (created in this account).
The number of CloudFront origin access identities that were created by the current AWS account.
" + "documentation": "The number of CloudFront origin access identities that were created by the current account.
" }, "Items": { "shape": "CloudFrontOriginAccessIdentitySummaryList", - "documentation": "A complex type that contains one CloudFrontOriginAccessIdentitySummary element for each origin access identity that was created by the current AWS account.
A complex type that contains one CloudFrontOriginAccessIdentitySummary element for each origin access identity that was created by the current account.
Lists the origin access identities for CloudFront.Send a GET request to the /CloudFront API version/origin-access-identity/cloudfront resource. The response includes a CloudFrontOriginAccessIdentityList element with zero or more CloudFrontOriginAccessIdentitySummary child elements. By default, your entire list of origin access identities is returned in one single page. If the list is long, you can paginate it using the MaxItems and Marker parameters.
An alias (also called a CNAME).
" + }, + "DistributionId": { + "shape": "string", + "documentation": "The (partially hidden) ID of the CloudFront distribution associated with the alias.
" + }, + "AccountId": { + "shape": "string", + "documentation": "The (partially hidden) ID of the Amazon Web Services account that owns the distribution that’s associated with the alias.
" + } + }, + "documentation": "An alias (also called a CNAME) and the CloudFront distribution and Amazon Web Services account ID that it’s associated with. The distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.
" + }, + "ConflictingAliases": { + "type": "list", + "member": { + "shape": "ConflictingAlias", + "locationName": "ConflictingAlias" + } + }, + "ConflictingAliasesList": { + "type": "structure", + "members": { + "NextMarker": { + "shape": "string", + "documentation": "If there are more items in the list than are in this response, this element is present. It contains the value that you should use in the Marker field of a subsequent request to continue listing conflicting aliases where you left off.
The maximum number of conflicting aliases requested.
" + }, + "Quantity": { + "shape": "integer", + "documentation": "The number of conflicting aliases returned in the response.
" + }, + "Items": { + "shape": "ConflictingAliases", + "documentation": "Contains the conflicting aliases in the list.
" + } + }, + "documentation": "A list of aliases (also called CNAMEs) and the CloudFront distributions and Amazon Web Services accounts that they are associated with. In the list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.
" + }, "ContentTypeProfile": { "type": "structure", "required": [ @@ -3510,7 +3654,7 @@ }, "WhitelistedNames": { "shape": "CookieNames", - "documentation": "This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.
If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.
Required if you specify whitelist for the value of Forward. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies.
If you specify all or none for the value of Forward, omit WhitelistedNames. If you change the value of Forward from whitelist to all or none and you don't delete the WhitelistedNames element and its child elements, CloudFront deletes them automatically.
For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the AWS General Reference.
" + "documentation": "This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.
If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.
Required if you specify whitelist for the value of Forward. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies.
If you specify all or none for the value of Forward, omit WhitelistedNames. If you change the value of Forward from whitelist to all or none and you don't delete the WhitelistedNames element and its child elements, CloudFront deletes them automatically.
For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the Amazon Web Services General Reference.
" } }, "documentation": "This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use CookiesConfig in a cache policy. See CachePolicy.
If you want to send cookies to the origin but not include them in the cache key, use CookiesConfig in an origin request policy. See OriginRequestPolicy.
A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see Caching Content Based on Cookies in the Amazon CloudFront Developer Guide.
" @@ -4224,7 +4368,7 @@ }, "TrustedSigners": { "shape": "TrustedSigners", - "documentation": "We recommend using TrustedKeyGroups instead of TrustedSigners.
A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer’s AWS account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.
" + "documentation": "We recommend using TrustedKeyGroups instead of TrustedSigners.
A list of account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer’s account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.
" }, "TrustedKeyGroups": { "shape": "TrustedKeyGroups", @@ -4247,7 +4391,7 @@ }, "LambdaFunctionAssociations": { "shape": "LambdaFunctionAssociations", - "documentation": "A complex type that contains zero or more Lambda function associations for a cache behavior.
" + "documentation": "A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.
" }, "FunctionAssociations": { "shape": "FunctionAssociations", @@ -4581,7 +4725,7 @@ }, "ARN": { "shape": "string", - "documentation": "The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.
We recommend using TrustedKeyGroups instead of TrustedSigners.
CloudFront automatically adds this field to the response if you’ve configured a cache behavior in this distribution to serve private content using trusted signers. This field contains a list of AWS account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.
" + "documentation": "We recommend using TrustedKeyGroups instead of TrustedSigners.
CloudFront automatically adds this field to the response if you’ve configured a cache behavior in this distribution to serve private content using trusted signers. This field contains a list of account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.
" }, "ActiveTrustedKeyGroups": { "shape": "ActiveTrustedKeyGroups", @@ -4613,7 +4757,7 @@ }, "AliasICPRecordals": { "shape": "AliasICPRecordals", - "documentation": "AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.
" + "documentation": "Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.
" } }, "documentation": "A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery.
" @@ -4686,7 +4830,7 @@ }, "WebACLId": { "shape": "string", - "documentation": "A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about AWS WAF, see the AWS WAF Developer Guide.
" + "documentation": "A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.
" }, "HttpVersion": { "shape": "HttpVersion", @@ -4694,7 +4838,7 @@ }, "IsIPV6Enabled": { "shape": "boolean", - "documentation": "If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.
If you're using an Amazon Route 53 alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:
You enable IPv6 for the distribution
You're using alternate domain names in the URLs for your objects
For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Amazon Route 53 Developer Guide.
If you created a CNAME resource record set, either with Amazon Route 53 or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
" + "documentation": "If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.
If you're using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:
You enable IPv6 for the distribution
You're using alternate domain names in the URLs for your objects
For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Route 53 Amazon Web Services Integration Developer Guide.
If you created a CNAME resource record set, either with Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
" } }, "documentation": "A distribution configuration.
" @@ -4787,11 +4931,11 @@ }, "Quantity": { "shape": "integer", - "documentation": "The number of distributions that were created by the current AWS account.
" + "documentation": "The number of distributions that were created by the current account.
" }, "Items": { "shape": "DistributionSummaryList", - "documentation": "A complex type that contains one DistributionSummary element for each distribution that was created by the current AWS account.
A complex type that contains one DistributionSummary element for each distribution that was created by the current account.
A distribution list.
" @@ -4825,7 +4969,7 @@ }, "ARN": { "shape": "string", - "documentation": "The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.
AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.
" + "documentation": "Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.
For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.
" } }, "documentation": "A summary of the information about a CloudFront distribution.
" @@ -6279,11 +6423,11 @@ }, "Quantity": { "shape": "integer", - "documentation": "The number of invalidation batches that were created by the current AWS account.
" + "documentation": "The number of invalidation batches that were created by the current account.
" }, "Items": { "shape": "InvalidationSummaryList", - "documentation": "A complex type that contains one InvalidationSummary element for each invalidation batch created by the current AWS account.
A complex type that contains one InvalidationSummary element for each invalidation batch created by the current account.
The InvalidationList complex type describes the list of invalidation objects. For more information about invalidation, see Invalidating Objects (Web Distributions Only) in the Amazon CloudFront Developer Guide.
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.
For more information the IAM role, see Real-time log configuration IAM role in the Amazon CloudFront Developer Guide.
" + "documentation": "The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.
For more information the IAM role, see Real-time log configuration IAM role in the Amazon CloudFront Developer Guide.
" }, "StreamARN": { "shape": "string", @@ -6491,18 +6635,18 @@ "members": { "LambdaFunctionARN": { "shape": "LambdaFunctionARN", - "documentation": "The ARN of the Lambda function. You must specify the ARN of a function version; you can't specify a Lambda alias or $LATEST.
" + "documentation": "The ARN of the Lambda@Edge function. You must specify the ARN of a function version; you can't specify an alias or $LATEST.
" }, "EventType": { "shape": "EventType", - "documentation": "Specifies the event type that triggers a Lambda function invocation. You can specify the following values:
viewer-request: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
origin-request: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
origin-response: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
viewer-response: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute.
Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values:
viewer-request: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
origin-request: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
origin-response: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
viewer-response: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute.
A flag that allows a Lambda function to have read access to the body content. For more information, see Accessing the Request Body by Choosing the Include Body Option in the Amazon CloudFront Developer Guide.
" + "documentation": "A flag that allows a Lambda@Edge function to have read access to the body content. For more information, see Accessing the Request Body by Choosing the Include Body Option in the Amazon CloudFront Developer Guide.
" } }, - "documentation": "A complex type that contains a Lambda function association.
" + "documentation": "A complex type that contains a Lambda@Edge function association.
" }, "LambdaFunctionAssociationList": { "type": "list", @@ -6519,21 +6663,21 @@ "members": { "Quantity": { "shape": "integer", - "documentation": "The number of Lambda function associations for this cache behavior.
" + "documentation": "The number of Lambda@Edge function associations for this cache behavior.
" }, "Items": { "shape": "LambdaFunctionAssociationList", "documentation": " Optional: A complex type that contains LambdaFunctionAssociation items for this cache behavior. If Quantity is 0, you can omit Items.
A complex type that specifies a list of Lambda functions associations for a cache behavior.
If you want to invoke one or more Lambda functions triggered by requests that match the PathPattern of the cache behavior, specify the applicable values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation items in this list (one for each possible value of EventType) and each EventType can be associated with the Lambda function only once.
If you don't want to invoke any Lambda functions for the requests that match PathPattern, specify 0 for Quantity and omit Items.
A complex type that specifies a list of Lambda@Edge functions associations for a cache behavior.
If you want to invoke one or more Lambda@Edge functions triggered by requests that match the PathPattern of the cache behavior, specify the applicable values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation items in this list (one for each possible value of EventType) and each EventType can be associated with only one function.
If you don't want to invoke any Lambda@Edge functions for the requests that match PathPattern, specify 0 for Quantity and omit Items.
A filter to return only the specified kinds of cache policies. Valid values are:
managed – Returns only the managed policies created by AWS.
custom – Returns only the custom policies created in your AWS account.
A filter to return only the specified kinds of cache policies. Valid values are:
managed – Returns only the managed policies created by Amazon Web Services.
custom – Returns only the custom policies created in your account.
The returned result of the corresponding request.
", "payload": "CloudFrontOriginAccessIdentityList" }, + "ListConflictingAliasesRequest": { + "type": "structure", + "required": [ + "DistributionId", + "Alias" + ], + "members": { + "DistributionId": { + "shape": "distributionIdString", + "documentation": "The ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias.
", + "location": "querystring", + "locationName": "DistributionId" + }, + "Alias": { + "shape": "aliasString", + "documentation": "The alias (also called a CNAME) to search for conflicting aliases.
", + "location": "querystring", + "locationName": "Alias" + }, + "Marker": { + "shape": "string", + "documentation": "Use this field when paginating results to indicate where to begin in the list of conflicting aliases. The response includes conflicting aliases in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.
The maximum number of conflicting aliases that you want in the response.
", + "location": "querystring", + "locationName": "MaxItems" + } + } + }, + "ListConflictingAliasesResult": { + "type": "structure", + "members": { + "ConflictingAliasesList": { + "shape": "ConflictingAliasesList", + "documentation": "A list of conflicting aliases.
" + } + }, + "payload": "ConflictingAliasesList" + }, "ListDistributionsByCachePolicyIdRequest": { "type": "structure", "required": [ @@ -6747,12 +6934,12 @@ }, "WebACLId": { "shape": "string", - "documentation": "The ID of the AWS WAF web ACL that you want to list the associated distributions. If you specify \"null\" for the ID, the request returns a list of the distributions that aren't associated with a web ACL.
", + "documentation": "The ID of the WAF web ACL that you want to list the associated distributions. If you specify \"null\" for the ID, the request returns a list of the distributions that aren't associated with a web ACL.
", "location": "uri", "locationName": "WebACLId" } }, - "documentation": "The request to list distributions that are associated with a specified AWS WAF web ACL.
" + "documentation": "The request to list distributions that are associated with a specified WAF web ACL.
" }, "ListDistributionsByWebACLIdResult": { "type": "structure", @@ -6762,7 +6949,7 @@ "documentation": "The DistributionList type.
The response to a request to list the distributions that are associated with a specified AWS WAF web ACL.
", + "documentation": "The response to a request to list the distributions that are associated with a specified WAF web ACL.
", "payload": "DistributionList" }, "ListDistributionsRequest": { @@ -6951,7 +7138,7 @@ "members": { "Type": { "shape": "OriginRequestPolicyType", - "documentation": "A filter to return only the specified kinds of origin request policies. Valid values are:
managed – Returns only the managed policies created by AWS.
custom – Returns only the custom policies created in your AWS account.
A filter to return only the specified kinds of origin request policies. Valid values are:
managed – Returns only the managed policies created by Amazon Web Services.
custom – Returns only the custom policies created in your account.
The type of origin request policy, either managed (created by AWS) or custom (created in this AWS account).
The type of origin request policy, either managed (created by Amazon Web Services) or custom (created in this account).
The AWS Region for Origin Shield.
Specify the AWS Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.
When you enable CloudFront Origin Shield, you must specify the AWS Region for Origin Shield. For the list of AWS Regions that you can specify, and for help choosing the best Region for your origin, see Choosing the AWS Region for Origin Shield in the Amazon CloudFront Developer Guide.
" + "documentation": "The Region for Origin Shield.
Specify the Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.
When you enable CloudFront Origin Shield, you must specify the Region for Origin Shield. For the list of Regions that you can specify, and for help choosing the best Region for your origin, see Choosing the Region for Origin Shield in the Amazon CloudFront Developer Guide.
" } }, "documentation": "CloudFront Origin Shield.
Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
" @@ -8077,14 +8264,14 @@ "members": { "AwsAccountNumber": { "shape": "string", - "documentation": "An AWS account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If the AWS account that owns the key pairs is the same account that owns the CloudFront distribution, the value of this field is self.
An account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If the account that owns the key pairs is the same account that owns the CloudFront distribution, the value of this field is self.
A list of CloudFront key pair identifiers.
" } }, - "documentation": "A list of AWS accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" + "documentation": "A list of accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.
" }, "SignerList": { "type": "list", @@ -8153,7 +8340,7 @@ }, "ARN": { "shape": "string", - "documentation": "The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.
A complex type that lists the AWS accounts, if any, that you included in the TrustedSigners complex type for this distribution. These are the accounts that you want to allow to create signed URLs for private content.
The Signer complex type lists the AWS account number of the trusted signer or self if the signer is the AWS account that created the distribution. The Signer element also includes the IDs of any active CloudFront key pairs that are associated with the trusted signer's AWS account. If no KeyPairId element appears for a Signer, that signer can't create signed URLs.
For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" + "documentation": "A complex type that lists the accounts, if any, that you included in the TrustedSigners complex type for this distribution. These are the accounts that you want to allow to create signed URLs for private content.
The Signer complex type lists the account number of the trusted signer or self if the signer is the account that created the distribution. The Signer element also includes the IDs of any active CloudFront key pairs that are associated with the trusted signer's account. If no KeyPairId element appears for a Signer, that signer can't create signed URLs.
For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" }, "StreamingDistributionConfig": { "shape": "StreamingDistributionConfig", @@ -8210,7 +8397,7 @@ }, "TrustedSigners": { "shape": "TrustedSigners", - "documentation": "A complex type that specifies any AWS accounts that you want to permit to create signed URLs for private content. If you want the distribution to use signed URLs, include this element; if you want the distribution to use public URLs, remove this element. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" + "documentation": "A complex type that specifies any accounts that you want to permit to create signed URLs for private content. If you want the distribution to use signed URLs, include this element; if you want the distribution to use public URLs, remove this element. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" }, "PriceClass": { "shape": "PriceClass", @@ -8268,11 +8455,11 @@ }, "Quantity": { "shape": "integer", - "documentation": "The number of streaming distributions that were created by the current AWS account.
" + "documentation": "The number of streaming distributions that were created by the current account.
" }, "Items": { "shape": "StreamingDistributionSummaryList", - "documentation": "A complex type that contains one StreamingDistributionSummary element for each distribution that was created by the current AWS account.
A complex type that contains one StreamingDistributionSummary element for each distribution that was created by the current account.
A streaming distribution list.
" @@ -8299,7 +8486,7 @@ }, "ARN": { "shape": "string", - "documentation": " The ARN (Amazon Resource Name) for the streaming distribution. For example: arn:aws:cloudfront::123456789012:streaming-distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
The ARN (Amazon Resource Name) for the streaming distribution. For example: arn:aws:cloudfront::123456789012:streaming-distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.
A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items.If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.
For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" + "documentation": "A complex type that specifies the accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items.If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.
For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.
" }, "Comment": { "shape": "string", @@ -8563,18 +8750,18 @@ "members": { "Enabled": { "shape": "boolean", - "documentation": "This field is true if any of the AWS accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.
This field is true if any of the accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.
The number of AWS accounts in the list.
" + "documentation": "The number of accounts in the list.
" }, "Items": { "shape": "AwsAccountNumberList", - "documentation": "A list of AWS account identifiers.
" + "documentation": "A list of account identifiers.
" } }, - "documentation": "A list of AWS accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.
" + "documentation": "A list of accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.
" }, "UntagResourceRequest": { "type": "structure", @@ -9111,19 +9298,19 @@ }, "IAMCertificateId": { "shape": "string", - "documentation": "If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Identity and Access Management (AWS IAM), provide the ID of the IAM certificate.
If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.
If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate.
If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.
If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1).
If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.
If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1).
If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.
If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
sni-only – The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.
vip – The distribution accepts HTTPS connections from all viewers including those that don’t support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the AWS Support Center.
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don’t set a value for this field.
If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
sni-only – The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.
vip – The distribution accepts HTTPS connections from all viewers including those that don’t support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the Amazon Web Services Support Center.
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don’t set a value for this field.
If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
For more information, see Security Policy and Supported Protocols and Ciphers Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
On the CloudFront console, this setting is called Security Policy.
When you’re using SNI only (you set SSLSupportMethod to sni-only), you must specify TLSv1 or higher.
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.
If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
For more information, see Security Policy and Supported Protocols and Ciphers Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
On the CloudFront console, this setting is called Security Policy.
When you’re using SNI only (you set SSLSupportMethod to sni-only), you must specify TLSv1 or higher.
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.
A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.
If the distribution doesn’t use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate to true and leave all other fields empty.
If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
Which viewers the distribution accepts HTTPS connections from: only viewers that support server name indication (SNI) (recommended), or all viewers including those that don’t support SNI.
To accept HTTPS connections from only viewers that support SNI, set SSLSupportMethod to sni-only. This is recommended. Most browsers and clients support SNI.
To accept HTTPS connections from all viewers, including those that don’t support SNI, set SSLSupportMethod to vip. This is not recommended, and results in additional monthly charges from CloudFront.
The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for MinimumProtocolVersion. For more information, see Security Policy in the Amazon CloudFront Developer Guide.
The location of the SSL/TLS certificate, AWS Certificate Manager (ACM) (recommended) or AWS Identity and Access Management (AWS IAM). You specify the location by setting a value in one of the following fields (not both):
ACMCertificateArn
IAMCertificateId
All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig.
For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
" + "documentation": "A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.
If the distribution doesn’t use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate to true and leave all other fields empty.
If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
Which viewers the distribution accepts HTTPS connections from: only viewers that support server name indication (SNI) (recommended), or all viewers including those that don’t support SNI.
To accept HTTPS connections from only viewers that support SNI, set SSLSupportMethod to sni-only. This is recommended. Most browsers and clients support SNI.
To accept HTTPS connections from all viewers, including those that don’t support SNI, set SSLSupportMethod to vip. This is not recommended, and results in additional monthly charges from CloudFront.
The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for MinimumProtocolVersion. For more information, see Security Policy in the Amazon CloudFront Developer Guide.
The location of the SSL/TLS certificate, Certificate Manager (ACM) (recommended) or Identity and Access Management (IAM). You specify the location by setting a value in one of the following fields (not both):
ACMCertificateArn
IAMCertificateId
All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig.
For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
" }, "ViewerProtocolPolicy": { "type": "string", @@ -9146,12 +9333,24 @@ "redirect-to-https" ] }, + "aliasString": { + "type": "string", + "max": 253 + }, "boolean": { "type": "boolean" }, + "distributionIdString": { + "type": "string", + "max": 25 + }, "integer": { "type": "integer" }, + "listConflictingAliasesMaxItemsInteger": { + "type": "integer", + "max": 100 + }, "long": { "type": "long" }, diff --git a/apis/ec2-2016-11-15.min.json b/apis/ec2-2016-11-15.min.json index 10b1594aea..c096ad941c 100644 --- a/apis/ec2-2016-11-15.min.json +++ b/apis/ec2-2016-11-15.min.json @@ -896,6 +896,10 @@ "shape": "S4i", "locationName": "ipPermissions" }, + "TagSpecifications": { + "shape": "S1t", + "locationName": "TagSpecification" + }, "CidrIp": { "locationName": "cidrIp" }, @@ -917,6 +921,19 @@ "locationName": "sourceSecurityGroupOwnerId" } } + }, + "output": { + "type": "structure", + "members": { + "Return": { + "locationName": "return", + "type": "boolean" + }, + "SecurityGroupRules": { + "shape": "S4t", + "locationName": "securityGroupRuleSet" + } + } } }, "AuthorizeSecurityGroupIngress": { @@ -941,6 +958,23 @@ "DryRun": { "locationName": "dryRun", "type": "boolean" + }, + "TagSpecifications": { + "shape": "S1t", + "locationName": "TagSpecification" + } + } + }, + "output": { + "type": "structure", + "members": { + "Return": { + "locationName": "return", + "type": "boolean" + }, + "SecurityGroupRules": { + "shape": "S4t", + "locationName": "securityGroupRuleSet" } } } @@ -955,7 +989,7 @@ "members": { "InstanceId": {}, "Storage": { - "shape": "S4v" + "shape": "S52" }, "DryRun": { "locationName": "dryRun", @@ -967,7 +1001,7 @@ "type": "structure", "members": { "BundleTask": { - "shape": "S4z", + "shape": "S56", "locationName": "bundleInstanceTask" } } @@ -991,7 +1025,7 @@ "type": "structure", "members": { "BundleTask": { - "shape": "S4z", + "shape": "S56", "locationName": "bundleInstanceTask" } } @@ -1095,7 +1129,7 @@ "type": "structure", "members": { "ReservedInstancesListings": { - "shape": "S5i", + "shape": "S5p", "locationName": "reservedInstancesListingsSet" } } @@ -1114,7 +1148,7 @@ "type": "boolean" }, "SpotFleetRequestIds": { - "shape": "S5u", + "shape": "S61", "locationName": "spotFleetRequestId" }, "TerminateInstances": { @@ -1185,7 +1219,7 @@ "type": "boolean" }, "SpotInstanceRequestIds": { - "shape": "S65", + "shape": "S6c", "locationName": "SpotInstanceRequestId" } } @@ -1395,7 +1429,7 @@ "type": "structure", "members": { "CapacityReservation": { - "shape": "S6r", + "shape": "S6y", "locationName": "capacityReservation" } } @@ -1425,7 +1459,7 @@ "type": "structure", "members": { "CarrierGateway": { - "shape": "S6w", + "shape": "S73", "locationName": "carrierGateway" } } @@ -1473,7 +1507,7 @@ } }, "ConnectionLogOptions": { - "shape": "S76" + "shape": "S7d" }, "DnsServers": { "shape": "Se" @@ -1503,7 +1537,7 @@ "VpcId": {}, "SelfServicePortal": {}, "ClientConnectOptions": { - "shape": "S79" + "shape": "S7g" } } }, @@ -1514,7 +1548,7 @@ "locationName": "clientVpnEndpointId" }, "Status": { - "shape": "S7b", + "shape": "S7i", "locationName": "status" }, "DnsName": { @@ -1548,7 +1582,7 @@ "type": "structure", "members": { "Status": { - "shape": "S7f", + "shape": "S7m", "locationName": "status" } } @@ -1585,7 +1619,7 @@ "type": "structure", "members": { "CustomerGateway": { - "shape": "S7k", + "shape": "S7r", "locationName": "customerGateway" } } @@ -1608,7 +1642,7 @@ "type": "structure", "members": { "Subnet": { - "shape": "S7n", + "shape": "S7u", "locationName": "subnet" } } @@ -1627,7 +1661,7 @@ "type": "structure", "members": { "Vpc": { - "shape": "S7t", + "shape": "S80", "locationName": "vpc" } } @@ -1671,7 +1705,7 @@ "type": "structure", "members": { "DhcpOptions": { - "shape": "S82", + "shape": "S89", "locationName": "dhcpOptions" } } @@ -1702,7 +1736,7 @@ "locationName": "clientToken" }, "EgressOnlyInternetGateway": { - "shape": "S89", + "shape": "S8g", "locationName": "egressOnlyInternetGateway" } } @@ -1775,10 +1809,10 @@ }, "ExcessCapacityTerminationPolicy": {}, "LaunchTemplateConfigs": { - "shape": "S8p" + "shape": "S8w" }, "TargetCapacitySpecification": { - "shape": "S8y" + "shape": "S95" }, "TerminateInstancesWithExpiration": { "type": "boolean" @@ -1814,7 +1848,7 @@ "type": "structure", "members": { "LaunchTemplateAndOverrides": { - "shape": "S95", + "shape": "S9c", "locationName": "launchTemplateAndOverrides" }, "Lifecycle": { @@ -1837,14 +1871,14 @@ "type": "structure", "members": { "LaunchTemplateAndOverrides": { - "shape": "S95", + "shape": "S9c", "locationName": "launchTemplateAndOverrides" }, "Lifecycle": { "locationName": "lifecycle" }, "InstanceIds": { - "shape": "S9c", + "shape": "S9j", "locationName": "instanceIds" }, "InstanceType": { @@ -1923,10 +1957,10 @@ "type": "boolean" }, "InputStorageLocation": { - "shape": "S9m" + "shape": "S9t" }, "LogsStorageLocation": { - "shape": "S9m" + "shape": "S9t" }, "Description": {}, "Name": {}, @@ -1958,7 +1992,7 @@ ], "members": { "BlockDeviceMappings": { - "shape": "S9p", + "shape": "S9w", "locationName": "blockDeviceMapping" }, "Description": { @@ -2039,7 +2073,7 @@ "type": "structure", "members": { "ExportTask": { - "shape": "Sa0", + "shape": "Sa7", "locationName": "exportTask" } } @@ -2063,7 +2097,7 @@ "type": "structure", "members": { "InternetGateway": { - "shape": "Sa6", + "shape": "Sad", "locationName": "internetGateway" } } @@ -2126,7 +2160,7 @@ "LaunchTemplateName": {}, "VersionDescription": {}, "LaunchTemplateData": { - "shape": "Sac" + "shape": "Saj" }, "TagSpecifications": { "shape": "S1t", @@ -2138,11 +2172,11 @@ "type": "structure", "members": { "LaunchTemplate": { - "shape": "Sbo", + "shape": "Sbv", "locationName": "launchTemplate" }, "Warning": { - "shape": "Sbp", + "shape": "Sbw", "locationName": "warning" } } @@ -2164,7 +2198,7 @@ "SourceVersion": {}, "VersionDescription": {}, "LaunchTemplateData": { - "shape": "Sac" + "shape": "Saj" } } }, @@ -2172,11 +2206,11 @@ "type": "structure", "members": { "LaunchTemplateVersion": { - "shape": "Sbu", + "shape": "Sc1", "locationName": "launchTemplateVersion" }, "Warning": { - "shape": "Sbp", + "shape": "Sbw", "locationName": "warning" } } @@ -2203,7 +2237,7 @@ "type": "structure", "members": { "Route": { - "shape": "Scs", + "shape": "Scz", "locationName": "route" } } @@ -2232,7 +2266,7 @@ "type": "structure", "members": { "LocalGatewayRouteTableVpcAssociation": { - "shape": "Scx", + "shape": "Sd4", "locationName": "localGatewayRouteTableVpcAssociation" } } @@ -2252,7 +2286,7 @@ }, "PrefixListName": {}, "Entries": { - "shape": "Sd0", + "shape": "Sd7", "locationName": "Entry" }, "MaxEntries": { @@ -2272,7 +2306,7 @@ "type": "structure", "members": { "PrefixList": { - "shape": "Sd3", + "shape": "Sda", "locationName": "prefixList" } } @@ -2307,7 +2341,7 @@ "locationName": "clientToken" }, "NatGateway": { - "shape": "Sd9", + "shape": "Sdf", "locationName": "natGateway" } } @@ -2337,7 +2371,7 @@ "type": "structure", "members": { "NetworkAcl": { - "shape": "Sdg", + "shape": "Sdm", "locationName": "networkAcl" } } @@ -2366,7 +2400,7 @@ "type": "boolean" }, "IcmpTypeCode": { - "shape": "Sdl", + "shape": "Sdr", "locationName": "Icmp" }, "Ipv6CidrBlock": { @@ -2376,7 +2410,7 @@ "locationName": "networkAclId" }, "PortRange": { - "shape": "Sdm", + "shape": "Sds", "locationName": "portRange" }, "Protocol": { @@ -2426,7 +2460,7 @@ "type": "structure", "members": { "NetworkInsightsPath": { - "shape": "Sdv", + "shape": "Se1", "locationName": "networkInsightsPath" } } @@ -2447,7 +2481,7 @@ "type": "boolean" }, "Groups": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "Ipv6AddressCount": { @@ -2455,14 +2489,14 @@ "type": "integer" }, "Ipv6Addresses": { - "shape": "Sc2", + "shape": "Sc9", "locationName": "ipv6Addresses" }, "PrivateIpAddress": { "locationName": "privateIpAddress" }, "PrivateIpAddresses": { - "shape": "Sao", + "shape": "Sav", "locationName": "privateIpAddresses" }, "SecondaryPrivateIpAddressCount": { @@ -2486,7 +2520,7 @@ "type": "structure", "members": { "NetworkInterface": { - "shape": "Se0", + "shape": "Se6", "locationName": "networkInterface" }, "ClientToken": { @@ -2516,7 +2550,7 @@ "type": "structure", "members": { "InterfacePermission": { - "shape": "See", + "shape": "Sek", "locationName": "interfacePermission" } } @@ -2549,7 +2583,7 @@ "type": "structure", "members": { "PlacementGroup": { - "shape": "Sek", + "shape": "Seq", "locationName": "placementGroup" } } @@ -2580,7 +2614,7 @@ "type": "structure", "members": { "ReplaceRootVolumeTask": { - "shape": "Seo", + "shape": "Seu", "locationName": "replaceRootVolumeTask" } } @@ -2633,7 +2667,7 @@ "type": "structure", "members": { "ReservedInstancesListings": { - "shape": "S5i", + "shape": "S5p", "locationName": "reservedInstancesListingsSet" } } @@ -2747,7 +2781,7 @@ "type": "structure", "members": { "RouteTable": { - "shape": "Sf4", + "shape": "Sfa", "locationName": "routeTable" } } @@ -2810,7 +2844,7 @@ } }, "output": { - "shape": "Sfg" + "shape": "Sfm" } }, "CreateSnapshots": { @@ -2917,7 +2951,7 @@ "type": "structure", "members": { "SpotDatafeedSubscription": { - "shape": "Sfq", + "shape": "Sfw", "locationName": "spotDatafeedSubscription" } } @@ -2987,7 +3021,7 @@ "type": "structure", "members": { "Subnet": { - "shape": "S7n", + "shape": "S7u", "locationName": "subnet" } } @@ -3006,7 +3040,7 @@ "type": "boolean" }, "Resources": { - "shape": "Sg0", + "shape": "Sg6", "locationName": "ResourceId" }, "Tags": { @@ -3037,7 +3071,7 @@ "type": "structure", "members": { "TrafficMirrorFilter": { - "shape": "Sg4", + "shape": "Sga", "locationName": "trafficMirrorFilter" }, "ClientToken": { @@ -3065,10 +3099,10 @@ }, "RuleAction": {}, "DestinationPortRange": { - "shape": "Sge" + "shape": "Sgk" }, "SourcePortRange": { - "shape": "Sge" + "shape": "Sgk" }, "Protocol": { "type": "integer" @@ -3088,7 +3122,7 @@ "type": "structure", "members": { "TrafficMirrorFilterRule": { - "shape": "Sg6", + "shape": "Sgc", "locationName": "trafficMirrorFilterRule" }, "ClientToken": { @@ -3136,7 +3170,7 @@ "type": "structure", "members": { "TrafficMirrorSession": { - "shape": "Sgj", + "shape": "Sgp", "locationName": "trafficMirrorSession" }, "ClientToken": { @@ -3168,7 +3202,7 @@ "type": "structure", "members": { "TrafficMirrorTarget": { - "shape": "Sgm", + "shape": "Sgs", "locationName": "trafficMirrorTarget" }, "ClientToken": { @@ -3195,7 +3229,7 @@ "DnsSupport": {}, "MulticastSupport": {}, "TransitGatewayCidrBlocks": { - "shape": "Sgv" + "shape": "Sh1" } } }, @@ -3212,7 +3246,7 @@ "type": "structure", "members": { "TransitGateway": { - "shape": "Sgx", + "shape": "Sh3", "locationName": "transitGateway" } } @@ -3249,7 +3283,7 @@ "type": "structure", "members": { "TransitGatewayConnect": { - "shape": "Sh4", + "shape": "Sha", "locationName": "transitGatewayConnect" } } @@ -3276,7 +3310,7 @@ } }, "InsideCidrBlocks": { - "shape": "Sh8" + "shape": "She" }, "TagSpecifications": { "shape": "S1t", @@ -3291,7 +3325,7 @@ "type": "structure", "members": { "TransitGatewayConnectPeer": { - "shape": "Sha", + "shape": "Shg", "locationName": "transitGatewayConnectPeer" } } @@ -3326,7 +3360,7 @@ "type": "structure", "members": { "TransitGatewayMulticastDomain": { - "shape": "Shn", + "shape": "Sht", "locationName": "transitGatewayMulticastDomain" } } @@ -3388,7 +3422,7 @@ "type": "structure", "members": { "TransitGatewayPrefixListReference": { - "shape": "Shv", + "shape": "Si1", "locationName": "transitGatewayPrefixListReference" } } @@ -3417,7 +3451,7 @@ "type": "structure", "members": { "Route": { - "shape": "Si0", + "shape": "Si6", "locationName": "route" } } @@ -3443,7 +3477,7 @@ "type": "structure", "members": { "TransitGatewayRouteTable": { - "shape": "Si7", + "shape": "Sid", "locationName": "transitGatewayRouteTable" } } @@ -3528,7 +3562,7 @@ } }, "output": { - "shape": "Sid" + "shape": "Sij" } }, "CreateVpc": { @@ -3563,7 +3597,7 @@ "type": "structure", "members": { "Vpc": { - "shape": "S7t", + "shape": "S80", "locationName": "vpc" } } @@ -3585,15 +3619,15 @@ "ServiceName": {}, "PolicyDocument": {}, "RouteTableIds": { - "shape": "Sik", + "shape": "Siq", "locationName": "RouteTableId" }, "SubnetIds": { - "shape": "Sil", + "shape": "Sir", "locationName": "SubnetId" }, "SecurityGroupIds": { - "shape": "Sim", + "shape": "Sis", "locationName": "SecurityGroupId" }, "ClientToken": {}, @@ -3610,7 +3644,7 @@ "type": "structure", "members": { "VpcEndpoint": { - "shape": "Sio", + "shape": "Siu", "locationName": "vpcEndpoint" }, "ClientToken": { @@ -3643,7 +3677,7 @@ "type": "structure", "members": { "ConnectionNotification": { - "shape": "Six", + "shape": "Sj3", "locationName": "connectionNotification" }, "ClientToken": { @@ -3682,7 +3716,7 @@ "type": "structure", "members": { "ServiceConfiguration": { - "shape": "Sj2", + "shape": "Sj8", "locationName": "serviceConfiguration" }, "ClientToken": { @@ -3781,31 +3815,31 @@ }, "DPDTimeoutAction": {}, "Phase1EncryptionAlgorithms": { - "shape": "Sjh", + "shape": "Sjn", "locationName": "Phase1EncryptionAlgorithm" }, "Phase2EncryptionAlgorithms": { - "shape": "Sjj", + "shape": "Sjp", "locationName": "Phase2EncryptionAlgorithm" }, "Phase1IntegrityAlgorithms": { - "shape": "Sjl", + "shape": "Sjr", "locationName": "Phase1IntegrityAlgorithm" }, "Phase2IntegrityAlgorithms": { - "shape": "Sjn", + "shape": "Sjt", "locationName": "Phase2IntegrityAlgorithm" }, "Phase1DHGroupNumbers": { - "shape": "Sjp", + "shape": "Sjv", "locationName": "Phase1DHGroupNumber" }, "Phase2DHGroupNumbers": { - "shape": "Sjr", + "shape": "Sjx", "locationName": "Phase2DHGroupNumber" }, "IKEVersions": { - "shape": "Sjt", + "shape": "Sjz", "locationName": "IKEVersion" }, "StartupAction": {} @@ -3828,7 +3862,7 @@ "type": "structure", "members": { "VpnConnection": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "vpnConnection" } } @@ -3873,7 +3907,7 @@ "type": "structure", "members": { "VpnGateway": { - "shape": "Skp", + "shape": "Skv", "locationName": "vpnGateway" } } @@ -3896,7 +3930,7 @@ "type": "structure", "members": { "CarrierGateway": { - "shape": "S6w", + "shape": "S73", "locationName": "carrierGateway" } } @@ -3919,7 +3953,7 @@ "type": "structure", "members": { "Status": { - "shape": "S7b", + "shape": "S7i", "locationName": "status" } } @@ -3945,7 +3979,7 @@ "type": "structure", "members": { "Status": { - "shape": "S7f", + "shape": "S7m", "locationName": "status" } } @@ -4016,7 +4050,7 @@ "type": "boolean" }, "FleetIds": { - "shape": "Sl3", + "shape": "Sl9", "locationName": "FleetId" }, "TerminateInstances": { @@ -4085,7 +4119,7 @@ "type": "boolean" }, "FlowLogIds": { - "shape": "Sld", + "shape": "Slj", "locationName": "FlowLogId" } } @@ -4168,7 +4202,7 @@ "type": "structure", "members": { "LaunchTemplate": { - "shape": "Sbo", + "shape": "Sbv", "locationName": "launchTemplate" } } @@ -4187,7 +4221,7 @@ "LaunchTemplateId": {}, "LaunchTemplateName": {}, "Versions": { - "shape": "Slp", + "shape": "Slv", "locationName": "LaunchTemplateVersion" } } @@ -4269,7 +4303,7 @@ "type": "structure", "members": { "Route": { - "shape": "Scs", + "shape": "Scz", "locationName": "route" } } @@ -4292,7 +4326,7 @@ "type": "structure", "members": { "LocalGatewayRouteTableVpcAssociation": { - "shape": "Scx", + "shape": "Sd4", "locationName": "localGatewayRouteTableVpcAssociation" } } @@ -4315,7 +4349,7 @@ "type": "structure", "members": { "PrefixList": { - "shape": "Sd3", + "shape": "Sda", "locationName": "prefixList" } } @@ -4661,7 +4695,7 @@ "type": "boolean" }, "Resources": { - "shape": "Sg0", + "shape": "Sg6", "locationName": "resourceId" }, "Tags": { @@ -4776,7 +4810,7 @@ "type": "structure", "members": { "TransitGateway": { - "shape": "Sgx", + "shape": "Sh3", "locationName": "transitGateway" } } @@ -4799,7 +4833,7 @@ "type": "structure", "members": { "TransitGatewayConnect": { - "shape": "Sh4", + "shape": "Sha", "locationName": "transitGatewayConnect" } } @@ -4822,7 +4856,7 @@ "type": "structure", "members": { "TransitGatewayConnectPeer": { - "shape": "Sha", + "shape": "Shg", "locationName": "transitGatewayConnectPeer" } } @@ -4845,7 +4879,7 @@ "type": "structure", "members": { "TransitGatewayMulticastDomain": { - "shape": "Shn", + "shape": "Sht", "locationName": "transitGatewayMulticastDomain" } } @@ -4893,7 +4927,7 @@ "type": "structure", "members": { "TransitGatewayPrefixListReference": { - "shape": "Shv", + "shape": "Si1", "locationName": "transitGatewayPrefixListReference" } } @@ -4918,7 +4952,7 @@ "type": "structure", "members": { "Route": { - "shape": "Si0", + "shape": "Si6", "locationName": "route" } } @@ -4941,7 +4975,7 @@ "type": "structure", "members": { "TransitGatewayRouteTable": { - "shape": "Si7", + "shape": "Sid", "locationName": "transitGatewayRouteTable" } } @@ -5040,7 +5074,7 @@ "type": "boolean" }, "ServiceIds": { - "shape": "Snw", + "shape": "So2", "locationName": "ServiceId" } } @@ -5202,7 +5236,7 @@ "type": "boolean" }, "InstanceTagKeys": { - "shape": "Soa", + "shape": "Sog", "locationName": "InstanceTagKey" } } @@ -5213,7 +5247,7 @@ "type": "structure", "members": { "InstanceTagAttribute": { - "shape": "Soc", + "shape": "Soi", "locationName": "instanceTagAttribute" } } @@ -5226,7 +5260,7 @@ "TransitGatewayMulticastDomainId": {}, "GroupIpAddress": {}, "NetworkInterfaceIds": { - "shape": "Soe" + "shape": "Sok" }, "DryRun": { "type": "boolean" @@ -5262,7 +5296,7 @@ "TransitGatewayMulticastDomainId": {}, "GroupIpAddress": {}, "NetworkInterfaceIds": { - "shape": "Soe" + "shape": "Sok" }, "DryRun": { "type": "boolean" @@ -5345,7 +5379,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "PublicIps": { @@ -5455,7 +5489,7 @@ "locationName": "addressSet", "type": "list", "member": { - "shape": "Sp7", + "shape": "Spd", "locationName": "item" } }, @@ -5482,7 +5516,7 @@ "type": "boolean" }, "Statuses": { - "shape": "Spb", + "shape": "Sph", "locationName": "statusSet" } } @@ -5493,7 +5527,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "ZoneNames": { @@ -5590,7 +5624,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -5606,7 +5640,7 @@ "locationName": "bundleInstanceTasksSet", "type": "list", "member": { - "shape": "S4z", + "shape": "S56", "locationName": "item" } } @@ -5662,7 +5696,7 @@ "type": "integer" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -5680,7 +5714,7 @@ "locationName": "capacityReservationSet", "type": "list", "member": { - "shape": "S6r", + "shape": "S6y", "locationName": "item" } } @@ -5697,7 +5731,7 @@ "member": {} }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -5716,7 +5750,7 @@ "locationName": "carrierGatewaySet", "type": "list", "member": { - "shape": "S6w", + "shape": "S73", "locationName": "item" } }, @@ -5731,7 +5765,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -5739,7 +5773,7 @@ "type": "boolean" }, "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "MaxResults": { @@ -5762,7 +5796,7 @@ "type": "structure", "members": { "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "InstanceId": { @@ -5797,7 +5831,7 @@ }, "NextToken": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -5853,7 +5887,7 @@ "members": { "ClientVpnEndpointId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -5909,7 +5943,7 @@ "locationName": "commonName" }, "Status": { - "shape": "Sql", + "shape": "Sqr", "locationName": "status" }, "ConnectionEndTime": { @@ -5944,7 +5978,7 @@ }, "NextToken": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -5969,7 +6003,7 @@ "locationName": "description" }, "Status": { - "shape": "S7b", + "shape": "S7i", "locationName": "status" }, "CreationTime": { @@ -6134,7 +6168,7 @@ "members": { "ClientVpnEndpointId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -6172,7 +6206,7 @@ "locationName": "origin" }, "Status": { - "shape": "S7f", + "shape": "S7m", "locationName": "status" }, "Description": { @@ -6203,7 +6237,7 @@ }, "NextToken": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -6262,7 +6296,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -6334,7 +6368,7 @@ "locationName": "conversionTasks", "type": "list", "member": { - "shape": "Srq", + "shape": "Srw", "locationName": "item" } } @@ -6353,7 +6387,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -6369,7 +6403,7 @@ "locationName": "customerGatewaySet", "type": "list", "member": { - "shape": "S7k", + "shape": "S7r", "locationName": "item" } } @@ -6388,7 +6422,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -6408,7 +6442,7 @@ "locationName": "dhcpOptionsSet", "type": "list", "member": { - "shape": "S82", + "shape": "S89", "locationName": "item" } }, @@ -6437,7 +6471,7 @@ }, "NextToken": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -6449,7 +6483,7 @@ "locationName": "egressOnlyInternetGatewaySet", "type": "list", "member": { - "shape": "S89", + "shape": "S8g", "locationName": "item" } }, @@ -6474,7 +6508,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -6542,7 +6576,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "ExportImageTaskIds": { @@ -6581,7 +6615,7 @@ "locationName": "progress" }, "S3ExportLocation": { - "shape": "Sst", + "shape": "Ssz", "locationName": "s3ExportLocation" }, "Status": { @@ -6615,7 +6649,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -6627,7 +6661,7 @@ "locationName": "exportTaskSet", "type": "list", "member": { - "shape": "Sa0", + "shape": "Sa7", "locationName": "item" } } @@ -6639,7 +6673,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -6741,7 +6775,7 @@ "type": "structure", "members": { "EventInformation": { - "shape": "Sta", + "shape": "Stg", "locationName": "eventInformation" }, "EventType": { @@ -6787,7 +6821,7 @@ "NextToken": {}, "FleetId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -6796,7 +6830,7 @@ "type": "structure", "members": { "ActiveInstances": { - "shape": "Std", + "shape": "Stj", "locationName": "activeInstanceSet" }, "NextToken": { @@ -6820,11 +6854,11 @@ }, "NextToken": {}, "FleetIds": { - "shape": "Sl3", + "shape": "Sl9", "locationName": "FleetId" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -6877,14 +6911,14 @@ "type": "structure", "members": { "LaunchTemplateSpecification": { - "shape": "S96", + "shape": "S9d", "locationName": "launchTemplateSpecification" }, "Overrides": { "locationName": "overrides", "type": "list", "member": { - "shape": "S97", + "shape": "S9e", "locationName": "item" } } @@ -7022,7 +7056,7 @@ "type": "structure", "members": { "LaunchTemplateAndOverrides": { - "shape": "S95", + "shape": "S9c", "locationName": "launchTemplateAndOverrides" }, "Lifecycle": { @@ -7045,14 +7079,14 @@ "type": "structure", "members": { "LaunchTemplateAndOverrides": { - "shape": "S95", + "shape": "S9c", "locationName": "launchTemplateAndOverrides" }, "Lifecycle": { "locationName": "lifecycle" }, "InstanceIds": { - "shape": "S9c", + "shape": "S9j", "locationName": "instanceIds" }, "InstanceType": { @@ -7081,10 +7115,10 @@ "type": "boolean" }, "Filter": { - "shape": "Sot" + "shape": "Soz" }, "FlowLogIds": { - "shape": "Sld", + "shape": "Slj", "locationName": "FlowLogId" }, "MaxResults": { @@ -7176,7 +7210,7 @@ "type": "structure", "members": { "FpgaImageAttribute": { - "shape": "Su5", + "shape": "Sub", "locationName": "fpgaImageAttribute" } } @@ -7197,11 +7231,11 @@ } }, "Owners": { - "shape": "Sue", + "shape": "Suk", "locationName": "Owner" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -7272,7 +7306,7 @@ "locationName": "ownerAlias" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "Tags": { @@ -7301,7 +7335,7 @@ "type": "structure", "members": { "Filter": { - "shape": "Sot" + "shape": "Soz" }, "MaxDuration": { "type": "integer" @@ -7362,7 +7396,7 @@ "type": "structure", "members": { "Filter": { - "shape": "Sot" + "shape": "Soz" }, "HostReservationIdSet": { "type": "list", @@ -7402,7 +7436,7 @@ "type": "timestamp" }, "HostIdSet": { - "shape": "Suz", + "shape": "Sv5", "locationName": "hostIdSet" }, "HostReservationId": { @@ -7448,11 +7482,11 @@ "type": "structure", "members": { "Filter": { - "shape": "Sot", + "shape": "Soz", "locationName": "filter" }, "HostIds": { - "shape": "Sv2", + "shape": "Sv8", "locationName": "hostId" }, "MaxResults": { @@ -7615,7 +7649,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -7652,7 +7686,7 @@ "type": "structure", "members": { "Statuses": { - "shape": "Spb", + "shape": "Sph", "locationName": "statusSet" } } @@ -7677,7 +7711,7 @@ "type": "structure", "members": { "Statuses": { - "shape": "Spb", + "shape": "Sph", "locationName": "statusSet" } } @@ -7703,38 +7737,38 @@ "type": "structure", "members": { "BlockDeviceMappings": { - "shape": "Svr", + "shape": "Svx", "locationName": "blockDeviceMapping" }, "ImageId": { "locationName": "imageId" }, "LaunchPermissions": { - "shape": "Svs", + "shape": "Svy", "locationName": "launchPermission" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "Description": { - "shape": "S86", + "shape": "S8d", "locationName": "description" }, "KernelId": { - "shape": "S86", + "shape": "S8d", "locationName": "kernel" }, "RamdiskId": { - "shape": "S86", + "shape": "S8d", "locationName": "ramdisk" }, "SriovNetSupport": { - "shape": "S86", + "shape": "S8d", "locationName": "sriovNetSupport" }, "BootMode": { - "shape": "S86", + "shape": "S8d", "locationName": "bootMode" } } @@ -7752,7 +7786,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "ImageIds": { @@ -7763,7 +7797,7 @@ } }, "Owners": { - "shape": "Sue", + "shape": "Suk", "locationName": "Owner" }, "IncludeDeprecated": { @@ -7820,7 +7854,7 @@ "locationName": "usageOperation" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "RamdiskId": { @@ -7830,7 +7864,7 @@ "locationName": "imageState" }, "BlockDeviceMappings": { - "shape": "Svr", + "shape": "Svx", "locationName": "blockDeviceMapping" }, "Description": { @@ -7859,7 +7893,7 @@ "locationName": "sriovNetSupport" }, "StateReason": { - "shape": "Sw5", + "shape": "Swb", "locationName": "stateReason" }, "Tags": { @@ -7889,7 +7923,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot" + "shape": "Soz" }, "ImportTaskIds": { "locationName": "ImportTaskId", @@ -7946,7 +7980,7 @@ "locationName": "progress" }, "SnapshotDetails": { - "shape": "Swe", + "shape": "Swk", "locationName": "snapshotDetailSet" }, "Status": { @@ -7960,7 +7994,7 @@ "locationName": "tagSet" }, "LicenseSpecifications": { - "shape": "Swh", + "shape": "Swn", "locationName": "licenseSpecifications" } } @@ -7980,7 +8014,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot" + "shape": "Soz" }, "ImportTaskIds": { "locationName": "ImportTaskId", @@ -8012,7 +8046,7 @@ "locationName": "importTaskId" }, "SnapshotTaskDetail": { - "shape": "Swp", + "shape": "Swv", "locationName": "snapshotTaskDetail" }, "Tags": { @@ -8052,66 +8086,66 @@ "type": "structure", "members": { "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "BlockDeviceMappings": { - "shape": "Swt", + "shape": "Swz", "locationName": "blockDeviceMapping" }, "DisableApiTermination": { - "shape": "Sww", + "shape": "Sx2", "locationName": "disableApiTermination" }, "EnaSupport": { - "shape": "Sww", + "shape": "Sx2", "locationName": "enaSupport" }, "EnclaveOptions": { - "shape": "Swx", + "shape": "Sx3", "locationName": "enclaveOptions" }, "EbsOptimized": { - "shape": "Sww", + "shape": "Sx2", "locationName": "ebsOptimized" }, "InstanceId": { "locationName": "instanceId" }, "InstanceInitiatedShutdownBehavior": { - "shape": "S86", + "shape": "S8d", "locationName": "instanceInitiatedShutdownBehavior" }, "InstanceType": { - "shape": "S86", + "shape": "S8d", "locationName": "instanceType" }, "KernelId": { - "shape": "S86", + "shape": "S8d", "locationName": "kernel" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "RamdiskId": { - "shape": "S86", + "shape": "S8d", "locationName": "ramdisk" }, "RootDeviceName": { - "shape": "S86", + "shape": "S8d", "locationName": "rootDeviceName" }, "SourceDestCheck": { - "shape": "Sww", + "shape": "Sx2", "locationName": "sourceDestCheck" }, "SriovNetSupport": { - "shape": "S86", + "shape": "S8d", "locationName": "sriovNetSupport" }, "UserData": { - "shape": "S86", + "shape": "S8d", "locationName": "userData" } } @@ -8125,11 +8159,11 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "MaxResults": { @@ -8176,7 +8210,7 @@ "type": "structure", "members": { "InstanceTagAttribute": { - "shape": "Soc", + "shape": "Soi", "locationName": "instanceTagAttribute" } } @@ -8187,11 +8221,11 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "MaxResults": { @@ -8228,7 +8262,7 @@ "locationName": "eventsSet", "type": "list", "member": { - "shape": "Sxa", + "shape": "Sxg", "locationName": "item" } }, @@ -8236,15 +8270,15 @@ "locationName": "instanceId" }, "InstanceState": { - "shape": "Sxd", + "shape": "Sxj", "locationName": "instanceState" }, "InstanceStatus": { - "shape": "Sxf", + "shape": "Sxl", "locationName": "instanceStatus" }, "SystemStatus": { - "shape": "Sxf", + "shape": "Sxl", "locationName": "systemStatus" } } @@ -8265,7 +8299,7 @@ }, "LocationType": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -8315,7 +8349,7 @@ "member": {} }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -8743,11 +8777,11 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "DryRun": { @@ -8770,7 +8804,7 @@ "locationName": "reservationSet", "type": "list", "member": { - "shape": "S10h", + "shape": "S10n", "locationName": "item" } }, @@ -8785,7 +8819,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -8812,7 +8846,7 @@ "locationName": "internetGatewaySet", "type": "list", "member": { - "shape": "Sa6", + "shape": "Sad", "locationName": "item" } }, @@ -8841,7 +8875,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -8893,7 +8927,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "KeyNames": { @@ -8955,7 +8989,7 @@ "LaunchTemplateId": {}, "LaunchTemplateName": {}, "Versions": { - "shape": "Slp", + "shape": "Slv", "locationName": "LaunchTemplateVersion" }, "MinVersion": {}, @@ -8965,7 +8999,7 @@ "type": "integer" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -8977,7 +9011,7 @@ "locationName": "launchTemplateVersionSet", "type": "list", "member": { - "shape": "Sbu", + "shape": "Sc1", "locationName": "item" } }, @@ -9009,7 +9043,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -9025,7 +9059,7 @@ "locationName": "launchTemplates", "type": "list", "member": { - "shape": "Sbo", + "shape": "Sbv", "locationName": "item" } }, @@ -9047,7 +9081,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9115,7 +9149,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9134,7 +9168,7 @@ "locationName": "localGatewayRouteTableVpcAssociationSet", "type": "list", "member": { - "shape": "Scx", + "shape": "Sd4", "locationName": "item" } }, @@ -9156,7 +9190,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9221,7 +9255,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9247,7 +9281,7 @@ "locationName": "localGatewayVirtualInterfaceGroupId" }, "LocalGatewayVirtualInterfaceIds": { - "shape": "S12j", + "shape": "S12p", "locationName": "localGatewayVirtualInterfaceIdSet" }, "LocalGatewayId": { @@ -9274,11 +9308,11 @@ "type": "structure", "members": { "LocalGatewayVirtualInterfaceIds": { - "shape": "S12j", + "shape": "S12p", "locationName": "LocalGatewayVirtualInterfaceId" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9352,7 +9386,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9407,7 +9441,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9430,7 +9464,7 @@ "locationName": "prefixListSet", "type": "list", "member": { - "shape": "Sd3", + "shape": "Sda", "locationName": "item" } } @@ -9442,7 +9476,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "filter" }, "DryRun": { @@ -9495,7 +9529,7 @@ "type": "boolean" }, "Filter": { - "shape": "Sot" + "shape": "Soz" }, "MaxResults": { "type": "integer" @@ -9517,7 +9551,7 @@ "locationName": "natGatewaySet", "type": "list", "member": { - "shape": "Sd9", + "shape": "Sdf", "locationName": "item" } }, @@ -9532,7 +9566,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -9559,7 +9593,7 @@ "locationName": "networkAclSet", "type": "list", "member": { - "shape": "Sdg", + "shape": "Sdm", "locationName": "item" } }, @@ -9588,7 +9622,7 @@ "type": "timestamp" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9607,7 +9641,7 @@ "locationName": "networkInsightsAnalysisSet", "type": "list", "member": { - "shape": "S13j", + "shape": "S13p", "locationName": "item" } }, @@ -9629,7 +9663,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9648,7 +9682,7 @@ "locationName": "networkInsightsPathSet", "type": "list", "member": { - "shape": "Sdv", + "shape": "Se1", "locationName": "item" } }, @@ -9681,22 +9715,22 @@ "type": "structure", "members": { "Attachment": { - "shape": "Se2", + "shape": "Se8", "locationName": "attachment" }, "Description": { - "shape": "S86", + "shape": "S8d", "locationName": "description" }, "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "NetworkInterfaceId": { "locationName": "networkInterfaceId" }, "SourceDestCheck": { - "shape": "Sww", + "shape": "Sx2", "locationName": "sourceDestCheck" } } @@ -9712,7 +9746,7 @@ "member": {} }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -9728,7 +9762,7 @@ "locationName": "networkInterfacePermissions", "type": "list", "member": { - "shape": "See", + "shape": "Sek", "locationName": "item" } }, @@ -9743,7 +9777,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "filter" }, "DryRun": { @@ -9770,7 +9804,7 @@ "locationName": "networkInterfaceSet", "type": "list", "member": { - "shape": "Se0", + "shape": "Se6", "locationName": "item" } }, @@ -9785,7 +9819,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -9813,7 +9847,7 @@ "locationName": "placementGroupSet", "type": "list", "member": { - "shape": "Sek", + "shape": "Seq", "locationName": "item" } } @@ -9828,7 +9862,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -9907,7 +9941,7 @@ "locationName": "arn" }, "Statuses": { - "shape": "Spb", + "shape": "Sph", "locationName": "statusSet" } } @@ -9935,7 +9969,7 @@ "type": "integer" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" } } @@ -10009,7 +10043,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "RegionNames": { @@ -10065,7 +10099,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -10084,7 +10118,7 @@ "locationName": "replaceRootVolumeTaskSet", "type": "list", "member": { - "shape": "Seo", + "shape": "Seu", "locationName": "item" } }, @@ -10099,12 +10133,12 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "OfferingClass": {}, "ReservedInstancesIds": { - "shape": "S15l", + "shape": "S15r", "locationName": "ReservedInstancesId" }, "DryRun": { @@ -10178,7 +10212,7 @@ "locationName": "offeringType" }, "RecurringCharges": { - "shape": "S15t", + "shape": "S15z", "locationName": "recurringCharges" }, "Scope": { @@ -10199,7 +10233,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "ReservedInstancesId": { @@ -10214,7 +10248,7 @@ "type": "structure", "members": { "ReservedInstancesListings": { - "shape": "S5i", + "shape": "S5p", "locationName": "reservedInstancesListingsSet" } } @@ -10225,7 +10259,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "ReservedInstancesModificationIds": { @@ -10275,7 +10309,7 @@ "locationName": "reservedInstancesId" }, "TargetConfiguration": { - "shape": "S167", + "shape": "S16d", "locationName": "targetConfiguration" } } @@ -10319,7 +10353,7 @@ "members": { "AvailabilityZone": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "IncludeMarketplace": { @@ -10430,7 +10464,7 @@ } }, "RecurringCharges": { - "shape": "S15t", + "shape": "S15z", "locationName": "recurringCharges" }, "Scope": { @@ -10450,7 +10484,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -10477,7 +10511,7 @@ "locationName": "routeTableSet", "type": "list", "member": { - "shape": "Sf4", + "shape": "Sfa", "locationName": "item" } }, @@ -10499,7 +10533,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "FirstSlotStartTimeRange": { @@ -10598,7 +10632,7 @@ "locationName": "purchaseToken" }, "Recurrence": { - "shape": "S16u", + "shape": "S170", "locationName": "recurrence" }, "SlotDurationInHours": { @@ -10623,7 +10657,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -10660,7 +10694,7 @@ "locationName": "scheduledInstanceSet", "type": "list", "member": { - "shape": "S172", + "shape": "S178", "locationName": "item" } } @@ -10710,12 +10744,46 @@ } } }, + "DescribeSecurityGroupRules": { + "input": { + "type": "structure", + "members": { + "Filters": { + "shape": "Soz", + "locationName": "Filter" + }, + "SecurityGroupRuleIds": { + "shape": "S17f", + "locationName": "SecurityGroupRuleId" + }, + "DryRun": { + "type": "boolean" + }, + "NextToken": {}, + "MaxResults": { + "type": "integer" + } + } + }, + "output": { + "type": "structure", + "members": { + "SecurityGroupRules": { + "shape": "S4t", + "locationName": "securityGroupRuleSet" + }, + "NextToken": { + "locationName": "nextToken" + } + } + } + }, "DescribeSecurityGroups": { "input": { "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "GroupIds": { @@ -10723,7 +10791,7 @@ "locationName": "GroupId" }, "GroupNames": { - "shape": "S179", + "shape": "S17j", "locationName": "GroupName" }, "DryRun": { @@ -10802,11 +10870,11 @@ "type": "structure", "members": { "CreateVolumePermissions": { - "shape": "S17h", + "shape": "S17r", "locationName": "createVolumePermission" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "SnapshotId": { @@ -10820,7 +10888,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -10828,7 +10896,7 @@ }, "NextToken": {}, "OwnerIds": { - "shape": "Sue", + "shape": "Suk", "locationName": "Owner" }, "RestorableByUserIds": { @@ -10837,7 +10905,7 @@ "member": {} }, "SnapshotIds": { - "shape": "S17l", + "shape": "S17v", "locationName": "SnapshotId" }, "DryRun": { @@ -10853,7 +10921,7 @@ "locationName": "snapshotSet", "type": "list", "member": { - "shape": "Sfg", + "shape": "Sfm", "locationName": "item" } }, @@ -10877,7 +10945,7 @@ "type": "structure", "members": { "SpotDatafeedSubscription": { - "shape": "Sfq", + "shape": "Sfw", "locationName": "spotDatafeedSubscription" } } @@ -10910,7 +10978,7 @@ "type": "structure", "members": { "ActiveInstances": { - "shape": "Std", + "shape": "Stj", "locationName": "activeInstanceSet" }, "NextToken": { @@ -10964,7 +11032,7 @@ "type": "structure", "members": { "EventInformation": { - "shape": "Sta", + "shape": "Stg", "locationName": "eventInformation" }, "EventType": { @@ -11010,7 +11078,7 @@ "locationName": "nextToken" }, "SpotFleetRequestIds": { - "shape": "S5u", + "shape": "S61", "locationName": "spotFleetRequestId" } } @@ -11036,7 +11104,7 @@ "type": "timestamp" }, "SpotFleetRequestConfig": { - "shape": "S184", + "shape": "S18e", "locationName": "spotFleetRequestConfig" }, "SpotFleetRequestId": { @@ -11060,7 +11128,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -11068,7 +11136,7 @@ "type": "boolean" }, "SpotInstanceRequestIds": { - "shape": "S65", + "shape": "S6c", "locationName": "SpotInstanceRequestId" }, "NextToken": {}, @@ -11081,7 +11149,7 @@ "type": "structure", "members": { "SpotInstanceRequests": { - "shape": "S18w", + "shape": "S196", "locationName": "spotInstanceRequestSet" }, "NextToken": { @@ -11095,7 +11163,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "AvailabilityZone": { @@ -11207,11 +11275,11 @@ "locationName": "groupName" }, "StaleIpPermissions": { - "shape": "S19e", + "shape": "S19o", "locationName": "staleIpPermissions" }, "StaleIpPermissionsEgress": { - "shape": "S19e", + "shape": "S19o", "locationName": "staleIpPermissionsEgress" }, "VpcId": { @@ -11238,7 +11306,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -11294,7 +11362,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "SubnetIds": { @@ -11321,7 +11389,7 @@ "locationName": "subnetSet", "type": "list", "member": { - "shape": "S7n", + "shape": "S7u", "locationName": "item" } }, @@ -11340,7 +11408,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11398,7 +11466,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11414,7 +11482,7 @@ "locationName": "trafficMirrorFilterSet", "type": "list", "member": { - "shape": "Sg4", + "shape": "Sga", "locationName": "item" } }, @@ -11439,7 +11507,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11455,7 +11523,7 @@ "locationName": "trafficMirrorSessionSet", "type": "list", "member": { - "shape": "Sgj", + "shape": "Sgp", "locationName": "item" } }, @@ -11480,7 +11548,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11496,7 +11564,7 @@ "locationName": "trafficMirrorTargetSet", "type": "list", "member": { - "shape": "Sgm", + "shape": "Sgs", "locationName": "item" } }, @@ -11511,10 +11579,10 @@ "type": "structure", "members": { "TransitGatewayAttachmentIds": { - "shape": "S1ac" + "shape": "S1am" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11597,7 +11665,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11616,7 +11684,7 @@ "locationName": "transitGatewayConnectPeerSet", "type": "list", "member": { - "shape": "Sha", + "shape": "Shg", "locationName": "item" } }, @@ -11631,10 +11699,10 @@ "type": "structure", "members": { "TransitGatewayAttachmentIds": { - "shape": "S1ac" + "shape": "S1am" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11653,7 +11721,7 @@ "locationName": "transitGatewayConnectSet", "type": "list", "member": { - "shape": "Sh4", + "shape": "Sha", "locationName": "item" } }, @@ -11674,7 +11742,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11693,7 +11761,7 @@ "locationName": "transitGatewayMulticastDomains", "type": "list", "member": { - "shape": "Shn", + "shape": "Sht", "locationName": "item" } }, @@ -11708,10 +11776,10 @@ "type": "structure", "members": { "TransitGatewayAttachmentIds": { - "shape": "S1ac" + "shape": "S1am" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11751,7 +11819,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11770,7 +11838,7 @@ "locationName": "transitGatewayRouteTables", "type": "list", "member": { - "shape": "Si7", + "shape": "Sid", "locationName": "item" } }, @@ -11785,10 +11853,10 @@ "type": "structure", "members": { "TransitGatewayAttachmentIds": { - "shape": "S1ac" + "shape": "S1am" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11828,7 +11896,7 @@ } }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11847,7 +11915,7 @@ "locationName": "transitGatewaySet", "type": "list", "member": { - "shape": "Sgx", + "shape": "Sh3", "locationName": "item" } }, @@ -11872,7 +11940,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -11918,11 +11986,11 @@ "type": "structure", "members": { "AutoEnableIO": { - "shape": "Sww", + "shape": "Sx2", "locationName": "autoEnableIO" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "VolumeId": { @@ -11936,7 +12004,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -11944,7 +12012,7 @@ }, "NextToken": {}, "VolumeIds": { - "shape": "S1bg", + "shape": "S1bq", "locationName": "VolumeId" }, "DryRun": { @@ -12079,11 +12147,11 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "VolumeIds": { - "shape": "S1bg", + "shape": "S1bq", "locationName": "VolumeId" }, "DryRun": { @@ -12106,7 +12174,7 @@ "locationName": "volumeSet", "type": "list", "member": { - "shape": "Sid", + "shape": "Sij", "locationName": "item" } }, @@ -12124,11 +12192,11 @@ "type": "boolean" }, "VolumeIds": { - "shape": "S1bg", + "shape": "S1bq", "locationName": "VolumeId" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "NextToken": {}, @@ -12144,7 +12212,7 @@ "locationName": "volumeModificationSet", "type": "list", "member": { - "shape": "S1c1", + "shape": "S1cb", "locationName": "item" } }, @@ -12177,11 +12245,11 @@ "locationName": "vpcId" }, "EnableDnsHostnames": { - "shape": "Sww", + "shape": "Sx2", "locationName": "enableDnsHostnames" }, "EnableDnsSupport": { - "shape": "Sww", + "shape": "Sx2", "locationName": "enableDnsSupport" } } @@ -12192,7 +12260,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -12200,7 +12268,7 @@ "type": "boolean" }, "VpcIds": { - "shape": "S1c7", + "shape": "S1ch", "locationName": "VpcId" } } @@ -12244,7 +12312,7 @@ "locationName": "nextToken" }, "VpcIds": { - "shape": "S1c7" + "shape": "S1ch" } } }, @@ -12283,7 +12351,7 @@ }, "ConnectionNotificationId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12299,7 +12367,7 @@ "locationName": "connectionNotificationSet", "type": "list", "member": { - "shape": "Six", + "shape": "Sj3", "locationName": "item" } }, @@ -12317,7 +12385,7 @@ "type": "boolean" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12353,7 +12421,7 @@ "type": "timestamp" }, "DnsEntries": { - "shape": "Sis", + "shape": "Siy", "locationName": "dnsEntrySet" }, "NetworkLoadBalancerArns": { @@ -12381,11 +12449,11 @@ "type": "boolean" }, "ServiceIds": { - "shape": "Snw", + "shape": "So2", "locationName": "ServiceId" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12401,7 +12469,7 @@ "locationName": "serviceConfigurationSet", "type": "list", "member": { - "shape": "Sj2", + "shape": "Sj8", "locationName": "item" } }, @@ -12423,7 +12491,7 @@ }, "ServiceId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12469,7 +12537,7 @@ "locationName": "ServiceName" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12499,7 +12567,7 @@ "locationName": "serviceId" }, "ServiceType": { - "shape": "Sj3", + "shape": "Sj9", "locationName": "serviceType" }, "AvailabilityZones": { @@ -12569,7 +12637,7 @@ "locationName": "VpcEndpointId" }, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -12585,7 +12653,7 @@ "locationName": "vpcEndpointSet", "type": "list", "member": { - "shape": "Sio", + "shape": "Siu", "locationName": "item" } }, @@ -12600,7 +12668,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "DryRun": { @@ -12642,7 +12710,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "VpcIds": { @@ -12669,7 +12737,7 @@ "locationName": "vpcSet", "type": "list", "member": { - "shape": "S7t", + "shape": "S80", "locationName": "item" } }, @@ -12684,7 +12752,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "VpnConnectionIds": { @@ -12707,7 +12775,7 @@ "locationName": "vpnConnectionSet", "type": "list", "member": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "item" } } @@ -12719,7 +12787,7 @@ "type": "structure", "members": { "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "VpnGatewayIds": { @@ -12742,7 +12810,7 @@ "locationName": "vpnGatewaySet", "type": "list", "member": { - "shape": "Skp", + "shape": "Skv", "locationName": "item" } } @@ -12889,11 +12957,11 @@ ], "members": { "AvailabilityZones": { - "shape": "S1dx", + "shape": "S1e7", "locationName": "AvailabilityZone" }, "SourceSnapshotIds": { - "shape": "S17l", + "shape": "S17v", "locationName": "SourceSnapshotId" }, "DryRun": { @@ -13054,7 +13122,7 @@ "type": "structure", "members": { "Propagation": { - "shape": "S1ec", + "shape": "S1em", "locationName": "propagation" } } @@ -13378,11 +13446,11 @@ ], "members": { "AvailabilityZones": { - "shape": "S1dx", + "shape": "S1e7", "locationName": "AvailabilityZone" }, "SourceSnapshotIds": { - "shape": "S17l", + "shape": "S17v", "locationName": "SourceSnapshotId" }, "DryRun": { @@ -13547,7 +13615,7 @@ "type": "structure", "members": { "Propagation": { - "shape": "S1ec", + "shape": "S1em", "locationName": "propagation" } } @@ -13742,7 +13810,7 @@ "locationName": "progress" }, "S3ExportLocation": { - "shape": "Sst", + "shape": "Ssz", "locationName": "s3ExportLocation" }, "Status": { @@ -13768,7 +13836,7 @@ "members": { "TransitGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "S3Bucket": {}, @@ -13935,7 +14003,7 @@ "members": { "PoolId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14059,7 +14127,7 @@ "type": "structure", "members": { "InstanceFamilyCreditSpecification": { - "shape": "S1gr", + "shape": "S1h1", "locationName": "instanceFamilyCreditSpecification" } } @@ -14206,7 +14274,7 @@ ], "members": { "HostIdSet": { - "shape": "S1h8" + "shape": "S1hi" }, "OfferingId": {} } @@ -14218,7 +14286,7 @@ "locationName": "currencyCode" }, "Purchase": { - "shape": "S1ha", + "shape": "S1hk", "locationName": "purchase" }, "TotalHourlyPrice": { @@ -14247,7 +14315,7 @@ "type": "structure", "members": { "LaunchTemplateData": { - "shape": "Sbv", + "shape": "Sc2", "locationName": "launchTemplateData" } } @@ -14408,7 +14476,7 @@ "locationName": "paymentDue" }, "ReservedInstanceValueRollup": { - "shape": "S1hr", + "shape": "S1i1", "locationName": "reservedInstanceValueRollup" }, "ReservedInstanceValueSet": { @@ -14419,7 +14487,7 @@ "type": "structure", "members": { "ReservationValue": { - "shape": "S1hr", + "shape": "S1i1", "locationName": "reservationValue" }, "ReservedInstanceId": { @@ -14429,7 +14497,7 @@ } }, "TargetConfigurationValueRollup": { - "shape": "S1hr", + "shape": "S1i1", "locationName": "targetConfigurationValueRollup" }, "TargetConfigurationValueSet": { @@ -14440,7 +14508,7 @@ "type": "structure", "members": { "ReservationValue": { - "shape": "S1hr", + "shape": "S1i1", "locationName": "reservationValue" }, "TargetConfiguration": { @@ -14493,7 +14561,7 @@ "members": { "TransitGatewayAttachmentId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14536,7 +14604,7 @@ "members": { "TransitGatewayMulticastDomainId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14592,7 +14660,7 @@ "members": { "TransitGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14611,7 +14679,7 @@ "locationName": "transitGatewayPrefixListReferenceSet", "type": "list", "member": { - "shape": "Shv", + "shape": "Si1", "locationName": "item" } }, @@ -14630,7 +14698,7 @@ "members": { "TransitGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14682,7 +14750,7 @@ "members": { "TransitGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -14756,7 +14824,7 @@ "members": { "Architecture": {}, "ClientData": { - "shape": "S1il" + "shape": "S1iv" }, "ClientToken": {}, "Description": {}, @@ -14773,7 +14841,7 @@ "SnapshotId": {}, "Url": {}, "UserBucket": { - "shape": "S1io" + "shape": "S1iy" } } } @@ -14840,7 +14908,7 @@ "locationName": "progress" }, "SnapshotDetails": { - "shape": "Swe", + "shape": "Swk", "locationName": "snapshotDetailSet" }, "Status": { @@ -14850,7 +14918,7 @@ "locationName": "statusMessage" }, "LicenseSpecifications": { - "shape": "Swh", + "shape": "Swn", "locationName": "licenseSpecifications" }, "Tags": { @@ -14878,10 +14946,10 @@ "members": { "Description": {}, "Image": { - "shape": "S1iv" + "shape": "S1j5" }, "Volume": { - "shape": "S1iw" + "shape": "S1j6" } } } @@ -14901,11 +14969,11 @@ "locationName": "architecture" }, "GroupIds": { - "shape": "Sal", + "shape": "Sas", "locationName": "GroupId" }, "GroupNames": { - "shape": "Sb5", + "shape": "Sbc", "locationName": "GroupName" }, "InstanceInitiatedShutdownBehavior": { @@ -14919,7 +14987,7 @@ "type": "boolean" }, "Placement": { - "shape": "S8x", + "shape": "S94", "locationName": "placement" }, "PrivateIpAddress": { @@ -14949,7 +15017,7 @@ "type": "structure", "members": { "ConversionTask": { - "shape": "Srq", + "shape": "Srw", "locationName": "conversionTask" } } @@ -15004,7 +15072,7 @@ "type": "structure", "members": { "ClientData": { - "shape": "S1il" + "shape": "S1iv" }, "ClientToken": {}, "Description": {}, @@ -15015,7 +15083,7 @@ "Format": {}, "Url": {}, "UserBucket": { - "shape": "S1io" + "shape": "S1iy" } } }, @@ -15043,7 +15111,7 @@ "locationName": "importTaskId" }, "SnapshotTaskDetail": { - "shape": "Swp", + "shape": "Swv", "locationName": "snapshotTaskDetail" }, "Tags": { @@ -15073,11 +15141,11 @@ "type": "boolean" }, "Image": { - "shape": "S1iv", + "shape": "S1j5", "locationName": "image" }, "Volume": { - "shape": "S1iw", + "shape": "S1j6", "locationName": "volume" } } @@ -15086,7 +15154,7 @@ "type": "structure", "members": { "ConversionTask": { - "shape": "Srq", + "shape": "Srw", "locationName": "conversionTask" } } @@ -15110,7 +15178,7 @@ "type": "structure", "members": { "Address": { - "shape": "Sp7", + "shape": "Spd", "locationName": "address" } } @@ -15184,7 +15252,7 @@ "ClientVpnEndpointId": {}, "ServerCertificateArn": {}, "ConnectionLogOptions": { - "shape": "S76" + "shape": "S7d" }, "DnsServers": { "type": "structure", @@ -15214,7 +15282,7 @@ "VpcId": {}, "SelfServicePortal": {}, "ClientConnectOptions": { - "shape": "S79" + "shape": "S7g" } } }, @@ -15247,7 +15315,7 @@ "type": "structure", "members": { "InstanceFamilyCreditSpecification": { - "shape": "S1gr", + "shape": "S1h1", "locationName": "instanceFamilyCreditSpecification" } } @@ -15287,12 +15355,12 @@ }, "ExcessCapacityTerminationPolicy": {}, "LaunchTemplateConfigs": { - "shape": "S8p", + "shape": "S8w", "locationName": "LaunchTemplateConfig" }, "FleetId": {}, "TargetCapacitySpecification": { - "shape": "S8y" + "shape": "S95" }, "Context": {} } @@ -15321,25 +15389,25 @@ "Attribute": {}, "OperationType": {}, "UserIds": { - "shape": "S1jp", + "shape": "S1jz", "locationName": "UserId" }, "UserGroups": { - "shape": "S1jq", + "shape": "S1k0", "locationName": "UserGroup" }, "ProductCodes": { - "shape": "S1jr", + "shape": "S1k1", "locationName": "ProductCode" }, "LoadPermission": { "type": "structure", "members": { "Add": { - "shape": "S1jt" + "shape": "S1k3" }, "Remove": { - "shape": "S1jt" + "shape": "S1k3" } } }, @@ -15351,7 +15419,7 @@ "type": "structure", "members": { "FpgaImageAttribute": { - "shape": "Su5", + "shape": "Sub", "locationName": "fpgaImageAttribute" } } @@ -15368,7 +15436,7 @@ "locationName": "autoPlacement" }, "HostIds": { - "shape": "Sv2", + "shape": "Sv8", "locationName": "hostId" }, "HostRecovery": {}, @@ -15384,7 +15452,7 @@ "locationName": "successful" }, "Unsuccessful": { - "shape": "S1jy", + "shape": "S1k8", "locationName": "unsuccessful" } } @@ -15436,31 +15504,31 @@ "members": { "Attribute": {}, "Description": { - "shape": "S86" + "shape": "S8d" }, "ImageId": {}, "LaunchPermission": { "type": "structure", "members": { "Add": { - "shape": "Svs" + "shape": "Svy" }, "Remove": { - "shape": "Svs" + "shape": "Svy" } } }, "OperationType": {}, "ProductCodes": { - "shape": "S1jr", + "shape": "S1k1", "locationName": "ProductCode" }, "UserGroups": { - "shape": "S1jq", + "shape": "S1k0", "locationName": "UserGroup" }, "UserIds": { - "shape": "S1jp", + "shape": "S1jz", "locationName": "UserId" }, "Value": {}, @@ -15479,7 +15547,7 @@ ], "members": { "SourceDestCheck": { - "shape": "Sww" + "shape": "Sx2" }, "Attribute": { "locationName": "attribute" @@ -15517,7 +15585,7 @@ } }, "DisableApiTermination": { - "shape": "Sww", + "shape": "Sx2", "locationName": "disableApiTermination" }, "DryRun": { @@ -15525,11 +15593,11 @@ "type": "boolean" }, "EbsOptimized": { - "shape": "Sww", + "shape": "Sx2", "locationName": "ebsOptimized" }, "EnaSupport": { - "shape": "Sww", + "shape": "Sx2", "locationName": "enaSupport" }, "Groups": { @@ -15540,23 +15608,23 @@ "locationName": "instanceId" }, "InstanceInitiatedShutdownBehavior": { - "shape": "S86", + "shape": "S8d", "locationName": "instanceInitiatedShutdownBehavior" }, "InstanceType": { - "shape": "S86", + "shape": "S8d", "locationName": "instanceType" }, "Kernel": { - "shape": "S86", + "shape": "S8d", "locationName": "kernel" }, "Ramdisk": { - "shape": "S86", + "shape": "S8d", "locationName": "ramdisk" }, "SriovNetSupport": { - "shape": "S86", + "shape": "S8d", "locationName": "sriovNetSupport" }, "UserData": { @@ -15585,7 +15653,7 @@ "members": { "InstanceId": {}, "CapacityReservationSpecification": { - "shape": "S1k9" + "shape": "S1kj" }, "DryRun": { "type": "boolean" @@ -15694,7 +15762,7 @@ "type": "structure", "members": { "Event": { - "shape": "Sxa", + "shape": "Sxg", "locationName": "event" } } @@ -15725,7 +15793,7 @@ "locationName": "instanceId" }, "InstanceMetadataOptions": { - "shape": "S112", + "shape": "S118", "locationName": "instanceMetadataOptions" } } @@ -15786,7 +15854,7 @@ "type": "structure", "members": { "LaunchTemplate": { - "shape": "Sbo", + "shape": "Sbv", "locationName": "launchTemplate" } } @@ -15808,7 +15876,7 @@ }, "PrefixListName": {}, "AddEntries": { - "shape": "Sd0", + "shape": "Sd7", "locationName": "AddEntry" }, "RemoveEntries": { @@ -15830,7 +15898,7 @@ "type": "structure", "members": { "PrefixList": { - "shape": "Sd3", + "shape": "Sda", "locationName": "prefixList" } } @@ -15857,7 +15925,7 @@ } }, "Description": { - "shape": "S86", + "shape": "S8d", "locationName": "description" }, "DryRun": { @@ -15865,14 +15933,14 @@ "type": "boolean" }, "Groups": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "NetworkInterfaceId": { "locationName": "networkInterfaceId" }, "SourceDestCheck": { - "shape": "Sww", + "shape": "Sx2", "locationName": "sourceDestCheck" } } @@ -15887,7 +15955,7 @@ ], "members": { "ReservedInstancesIds": { - "shape": "S15l", + "shape": "S15r", "locationName": "ReservedInstancesId" }, "ClientToken": { @@ -15897,7 +15965,7 @@ "locationName": "ReservedInstancesConfigurationSetItemType", "type": "list", "member": { - "shape": "S167", + "shape": "S16d", "locationName": "item" } } @@ -15912,6 +15980,58 @@ } } }, + "ModifySecurityGroupRules": { + "input": { + "type": "structure", + "required": [ + "GroupId", + "SecurityGroupRules" + ], + "members": { + "GroupId": {}, + "SecurityGroupRules": { + "locationName": "SecurityGroupRule", + "type": "list", + "member": { + "locationName": "item", + "type": "structure", + "members": { + "SecurityGroupRuleId": {}, + "SecurityGroupRule": { + "type": "structure", + "members": { + "IpProtocol": {}, + "FromPort": { + "type": "integer" + }, + "ToPort": { + "type": "integer" + }, + "CidrIpv4": {}, + "CidrIpv6": {}, + "PrefixListId": {}, + "ReferencedGroupId": {}, + "Description": {} + } + } + } + } + }, + "DryRun": { + "type": "boolean" + } + } + }, + "output": { + "type": "structure", + "members": { + "Return": { + "locationName": "return", + "type": "boolean" + } + } + } + }, "ModifySnapshotAttribute": { "input": { "type": "structure", @@ -15924,21 +16044,21 @@ "type": "structure", "members": { "Add": { - "shape": "S17h" + "shape": "S17r" }, "Remove": { - "shape": "S17h" + "shape": "S17r" } } }, "GroupNames": { - "shape": "S179", + "shape": "S17j", "locationName": "UserGroup" }, "OperationType": {}, "SnapshotId": {}, "UserIds": { - "shape": "S1jp", + "shape": "S1jz", "locationName": "UserId" }, "DryRun": { @@ -15959,7 +16079,7 @@ "locationName": "excessCapacityTerminationPolicy" }, "LaunchTemplateConfigs": { - "shape": "S18j", + "shape": "S18t", "locationName": "LaunchTemplateConfig" }, "SpotFleetRequestId": { @@ -15993,16 +16113,16 @@ ], "members": { "AssignIpv6AddressOnCreation": { - "shape": "Sww" + "shape": "Sx2" }, "MapPublicIpOnLaunch": { - "shape": "Sww" + "shape": "Sx2" }, "SubnetId": { "locationName": "subnetId" }, "MapCustomerOwnedIpOnLaunch": { - "shape": "Sww" + "shape": "Sx2" }, "CustomerOwnedIpv4Pool": {} } @@ -16017,11 +16137,11 @@ "members": { "TrafficMirrorFilterId": {}, "AddNetworkServices": { - "shape": "Sga", + "shape": "Sgg", "locationName": "AddNetworkService" }, "RemoveNetworkServices": { - "shape": "Sga", + "shape": "Sgg", "locationName": "RemoveNetworkService" }, "DryRun": { @@ -16033,7 +16153,7 @@ "type": "structure", "members": { "TrafficMirrorFilter": { - "shape": "Sg4", + "shape": "Sga", "locationName": "trafficMirrorFilter" } } @@ -16053,10 +16173,10 @@ }, "RuleAction": {}, "DestinationPortRange": { - "shape": "Sge" + "shape": "Sgk" }, "SourcePortRange": { - "shape": "Sge" + "shape": "Sgk" }, "Protocol": { "type": "integer" @@ -16078,7 +16198,7 @@ "type": "structure", "members": { "TrafficMirrorFilterRule": { - "shape": "Sg6", + "shape": "Sgc", "locationName": "trafficMirrorFilterRule" } } @@ -16118,7 +16238,7 @@ "type": "structure", "members": { "TrafficMirrorSession": { - "shape": "Sgj", + "shape": "Sgp", "locationName": "trafficMirrorSession" } } @@ -16137,10 +16257,10 @@ "type": "structure", "members": { "AddTransitGatewayCidrBlocks": { - "shape": "Sgv" + "shape": "Sh1" }, "RemoveTransitGatewayCidrBlocks": { - "shape": "Sgv" + "shape": "Sh1" }, "VpnEcmpSupport": {}, "DnsSupport": {}, @@ -16160,7 +16280,7 @@ "type": "structure", "members": { "TransitGateway": { - "shape": "Sgx", + "shape": "Sh3", "locationName": "transitGateway" } } @@ -16189,7 +16309,7 @@ "type": "structure", "members": { "TransitGatewayPrefixListReference": { - "shape": "Shv", + "shape": "Si1", "locationName": "transitGatewayPrefixListReference" } } @@ -16262,7 +16382,7 @@ "type": "structure", "members": { "VolumeModification": { - "shape": "S1c1", + "shape": "S1cb", "locationName": "volumeModification" } } @@ -16276,7 +16396,7 @@ ], "members": { "AutoEnableIO": { - "shape": "Sww" + "shape": "Sx2" }, "VolumeId": {}, "DryRun": { @@ -16294,10 +16414,10 @@ ], "members": { "EnableDnsHostnames": { - "shape": "Sww" + "shape": "Sx2" }, "EnableDnsSupport": { - "shape": "Sww" + "shape": "Sx2" }, "VpcId": { "locationName": "vpcId" @@ -16321,27 +16441,27 @@ }, "PolicyDocument": {}, "AddRouteTableIds": { - "shape": "Sik", + "shape": "Siq", "locationName": "AddRouteTableId" }, "RemoveRouteTableIds": { - "shape": "Sik", + "shape": "Siq", "locationName": "RemoveRouteTableId" }, "AddSubnetIds": { - "shape": "Sil", + "shape": "Sir", "locationName": "AddSubnetId" }, "RemoveSubnetIds": { - "shape": "Sil", + "shape": "Sir", "locationName": "RemoveSubnetId" }, "AddSecurityGroupIds": { - "shape": "Sim", + "shape": "Sis", "locationName": "AddSecurityGroupId" }, "RemoveSecurityGroupIds": { - "shape": "Sim", + "shape": "Sis", "locationName": "RemoveSecurityGroupId" }, "PrivateDnsEnabled": { @@ -16469,13 +16589,13 @@ ], "members": { "AccepterPeeringConnectionOptions": { - "shape": "S1m4" + "shape": "S1mj" }, "DryRun": { "type": "boolean" }, "RequesterPeeringConnectionOptions": { - "shape": "S1m4" + "shape": "S1mj" }, "VpcPeeringConnectionId": {} } @@ -16484,11 +16604,11 @@ "type": "structure", "members": { "AccepterPeeringConnectionOptions": { - "shape": "S1m6", + "shape": "S1ml", "locationName": "accepterPeeringConnectionOptions" }, "RequesterPeeringConnectionOptions": { - "shape": "S1m6", + "shape": "S1ml", "locationName": "requesterPeeringConnectionOptions" } } @@ -16539,7 +16659,7 @@ "type": "structure", "members": { "VpnConnection": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "vpnConnection" } } @@ -16566,7 +16686,7 @@ "type": "structure", "members": { "VpnConnection": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "vpnConnection" } } @@ -16591,7 +16711,7 @@ "type": "structure", "members": { "VpnConnection": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "vpnConnection" } } @@ -16634,31 +16754,31 @@ }, "DPDTimeoutAction": {}, "Phase1EncryptionAlgorithms": { - "shape": "Sjh", + "shape": "Sjn", "locationName": "Phase1EncryptionAlgorithm" }, "Phase2EncryptionAlgorithms": { - "shape": "Sjj", + "shape": "Sjp", "locationName": "Phase2EncryptionAlgorithm" }, "Phase1IntegrityAlgorithms": { - "shape": "Sjl", + "shape": "Sjr", "locationName": "Phase1IntegrityAlgorithm" }, "Phase2IntegrityAlgorithms": { - "shape": "Sjn", + "shape": "Sjt", "locationName": "Phase2IntegrityAlgorithm" }, "Phase1DHGroupNumbers": { - "shape": "Sjp", + "shape": "Sjv", "locationName": "Phase1DHGroupNumber" }, "Phase2DHGroupNumbers": { - "shape": "Sjr", + "shape": "Sjx", "locationName": "Phase2DHGroupNumber" }, "IKEVersions": { - "shape": "Sjt", + "shape": "Sjz", "locationName": "IKEVersion" }, "StartupAction": {} @@ -16673,7 +16793,7 @@ "type": "structure", "members": { "VpnConnection": { - "shape": "Sjw", + "shape": "Sk2", "locationName": "vpnConnection" } } @@ -16687,7 +16807,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "DryRun": { @@ -16700,7 +16820,7 @@ "type": "structure", "members": { "InstanceMonitorings": { - "shape": "S1ml", + "shape": "S1n0", "locationName": "instancesSet" } } @@ -16790,7 +16910,7 @@ "ClientToken": {}, "CurrencyCode": {}, "HostIdSet": { - "shape": "S1h8" + "shape": "S1hi" }, "LimitPrice": {}, "OfferingId": {}, @@ -16810,7 +16930,7 @@ "locationName": "currencyCode" }, "Purchase": { - "shape": "S1ha", + "shape": "S1hk", "locationName": "purchase" }, "TotalHourlyPrice": { @@ -16905,7 +17025,7 @@ "locationName": "scheduledInstanceSet", "type": "list", "member": { - "shape": "S172", + "shape": "S178", "locationName": "item" } } @@ -16920,7 +17040,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "DryRun": { @@ -16942,7 +17062,7 @@ "locationName": "architecture" }, "BlockDeviceMappings": { - "shape": "S9p", + "shape": "S9w", "locationName": "BlockDeviceMapping" }, "Description": { @@ -17007,7 +17127,7 @@ "type": "boolean" }, "InstanceTagKeys": { - "shape": "Soa", + "shape": "Sog", "locationName": "InstanceTagKey" } } @@ -17018,7 +17138,7 @@ "type": "structure", "members": { "InstanceTagAttribute": { - "shape": "Soc", + "shape": "Soi", "locationName": "instanceTagAttribute" } } @@ -17031,7 +17151,7 @@ "TransitGatewayMulticastDomainId": {}, "GroupIpAddress": {}, "NetworkInterfaceIds": { - "shape": "Soe" + "shape": "Sok" }, "DryRun": { "type": "boolean" @@ -17067,7 +17187,7 @@ "TransitGatewayMulticastDomainId": {}, "GroupIpAddress": {}, "NetworkInterfaceIds": { - "shape": "Soe" + "shape": "Sok" }, "DryRun": { "type": "boolean" @@ -17242,7 +17362,7 @@ ], "members": { "HostIds": { - "shape": "Sv2", + "shape": "Sv8", "locationName": "hostId" } } @@ -17255,7 +17375,7 @@ "locationName": "successful" }, "Unsuccessful": { - "shape": "S1jy", + "shape": "S1k8", "locationName": "unsuccessful" } } @@ -17337,7 +17457,7 @@ "type": "boolean" }, "IcmpTypeCode": { - "shape": "Sdl", + "shape": "Sdr", "locationName": "Icmp" }, "Ipv6CidrBlock": { @@ -17347,7 +17467,7 @@ "locationName": "networkAclId" }, "PortRange": { - "shape": "Sdm", + "shape": "Sds", "locationName": "portRange" }, "Protocol": { @@ -17468,7 +17588,7 @@ "type": "structure", "members": { "Route": { - "shape": "Si0", + "shape": "Si6", "locationName": "route" } } @@ -17495,7 +17615,7 @@ "type": "timestamp" }, "Instances": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "instanceId" }, "ReasonCodes": { @@ -17527,7 +17647,7 @@ "type": "boolean" }, "SpotFleetRequestConfig": { - "shape": "S184", + "shape": "S18e", "locationName": "spotFleetRequestConfig" } } @@ -17587,7 +17707,7 @@ "locationName": "addressingType" }, "BlockDeviceMappings": { - "shape": "Svr", + "shape": "Svx", "locationName": "blockDeviceMapping" }, "EbsOptimized": { @@ -17611,15 +17731,15 @@ "locationName": "keyName" }, "Monitoring": { - "shape": "S18z", + "shape": "S199", "locationName": "monitoring" }, "NetworkInterfaces": { - "shape": "S18e", + "shape": "S18o", "locationName": "NetworkInterface" }, "Placement": { - "shape": "S18g", + "shape": "S18q", "locationName": "placement" }, "RamdiskId": { @@ -17658,7 +17778,7 @@ "type": "structure", "members": { "SpotInstanceRequests": { - "shape": "S18w", + "shape": "S196", "locationName": "spotInstanceRequestSet" } } @@ -17683,7 +17803,7 @@ "type": "structure", "members": { "Address": { - "shape": "Sp7", + "shape": "Spd", "locationName": "address" } } @@ -17859,7 +17979,7 @@ "type": "structure", "members": { "PrefixList": { - "shape": "Sd3", + "shape": "Sda", "locationName": "prefixList" } } @@ -17912,6 +18032,10 @@ "shape": "S4i", "locationName": "ipPermissions" }, + "SecurityGroupRuleIds": { + "shape": "S17f", + "locationName": "SecurityGroupRuleId" + }, "CidrIp": { "locationName": "cidrIp" }, @@ -17970,6 +18094,10 @@ "DryRun": { "locationName": "dryRun", "type": "boolean" + }, + "SecurityGroupRuleIds": { + "shape": "S17f", + "locationName": "SecurityGroupRuleId" } } }, @@ -17996,7 +18124,7 @@ ], "members": { "BlockDeviceMappings": { - "shape": "S9p", + "shape": "S9w", "locationName": "BlockDeviceMapping" }, "ImageId": {}, @@ -18005,7 +18133,7 @@ "type": "integer" }, "Ipv6Addresses": { - "shape": "Sc2", + "shape": "Sc9", "locationName": "Ipv6Address" }, "KernelId": {}, @@ -18017,18 +18145,18 @@ "type": "integer" }, "Monitoring": { - "shape": "S18z" + "shape": "S199" }, "Placement": { - "shape": "S8x" + "shape": "S94" }, "RamdiskId": {}, "SecurityGroupIds": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "SecurityGroups": { - "shape": "Sb5", + "shape": "Sbc", "locationName": "SecurityGroup" }, "SubnetId": {}, @@ -18060,7 +18188,7 @@ "locationName": "instanceInitiatedShutdownBehavior" }, "NetworkInterfaces": { - "shape": "S18e", + "shape": "S18o", "locationName": "networkInterface" }, "PrivateIpAddress": { @@ -18069,7 +18197,7 @@ "ElasticGpuSpecification": { "type": "list", "member": { - "shape": "Sb1", + "shape": "Sb8", "locationName": "item" } }, @@ -18123,7 +18251,7 @@ } }, "CreditSpecification": { - "shape": "Sbb" + "shape": "Sbi" }, "CpuOptions": { "type": "structure", @@ -18137,7 +18265,7 @@ } }, "CapacityReservationSpecification": { - "shape": "S1k9" + "shape": "S1kj" }, "HibernationOptions": { "type": "structure", @@ -18179,7 +18307,7 @@ } }, "output": { - "shape": "S10h" + "shape": "S10n" } }, "RunScheduledInstances": { @@ -18277,7 +18405,7 @@ "type": "integer" }, "Groups": { - "shape": "S1po", + "shape": "S1q3", "locationName": "Group" }, "Ipv6AddressCount": { @@ -18326,7 +18454,7 @@ }, "RamdiskId": {}, "SecurityGroupIds": { - "shape": "S1po", + "shape": "S1q3", "locationName": "SecurityGroupId" }, "SubnetId": {}, @@ -18359,7 +18487,7 @@ "members": { "LocalGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -18378,7 +18506,7 @@ "locationName": "routeSet", "type": "list", "member": { - "shape": "Scs", + "shape": "Scz", "locationName": "item" } }, @@ -18394,7 +18522,7 @@ "members": { "TransitGatewayMulticastDomainId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -18470,7 +18598,7 @@ "members": { "TransitGatewayRouteTableId": {}, "Filters": { - "shape": "Sot", + "shape": "Soz", "locationName": "Filter" }, "MaxResults": { @@ -18488,7 +18616,7 @@ "locationName": "routeSet", "type": "list", "member": { - "shape": "Si0", + "shape": "Si6", "locationName": "item" } }, @@ -18521,7 +18649,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "AdditionalInfo": { @@ -18537,7 +18665,7 @@ "type": "structure", "members": { "StartingInstances": { - "shape": "S1qc", + "shape": "S1qr", "locationName": "instancesSet" } } @@ -18553,7 +18681,7 @@ "members": { "NetworkInsightsPathId": {}, "FilterInArns": { - "shape": "S13k", + "shape": "S13q", "locationName": "FilterInArn" }, "DryRun": { @@ -18572,7 +18700,7 @@ "type": "structure", "members": { "NetworkInsightsAnalysis": { - "shape": "S13j", + "shape": "S13p", "locationName": "networkInsightsAnalysis" } } @@ -18609,7 +18737,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "Hibernate": { @@ -18629,7 +18757,7 @@ "type": "structure", "members": { "StoppingInstances": { - "shape": "S1qc", + "shape": "S1qr", "locationName": "instancesSet" } } @@ -18670,11 +18798,11 @@ "locationName": "connectionId" }, "PreviousStatus": { - "shape": "Sql", + "shape": "Sqr", "locationName": "previousStatus" }, "CurrentStatus": { - "shape": "Sql", + "shape": "Sqr", "locationName": "currentStatus" } } @@ -18691,7 +18819,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "DryRun": { @@ -18704,7 +18832,7 @@ "type": "structure", "members": { "TerminatingInstances": { - "shape": "S1qc", + "shape": "S1qr", "locationName": "instancesSet" } } @@ -18766,7 +18894,7 @@ ], "members": { "InstanceIds": { - "shape": "Sq6", + "shape": "Sqc", "locationName": "InstanceId" }, "DryRun": { @@ -18779,7 +18907,7 @@ "type": "structure", "members": { "InstanceMonitorings": { - "shape": "S1ml", + "shape": "S1n0", "locationName": "instancesSet" } } @@ -18788,9 +18916,6 @@ "UpdateSecurityGroupRuleDescriptionsEgress": { "input": { "type": "structure", - "required": [ - "IpPermissions" - ], "members": { "DryRun": { "type": "boolean" @@ -18799,6 +18924,10 @@ "GroupName": {}, "IpPermissions": { "shape": "S4i" + }, + "SecurityGroupRuleDescriptions": { + "shape": "S1rb", + "locationName": "SecurityGroupRuleDescription" } } }, @@ -18815,9 +18944,6 @@ "UpdateSecurityGroupRuleDescriptionsIngress": { "input": { "type": "structure", - "required": [ - "IpPermissions" - ], "members": { "DryRun": { "type": "boolean" @@ -18826,6 +18952,10 @@ "GroupName": {}, "IpPermissions": { "shape": "S4i" + }, + "SecurityGroupRuleDescriptions": { + "shape": "S1rb", + "locationName": "SecurityGroupRuleDescription" } } }, @@ -19579,7 +19709,77 @@ } } }, - "S4v": { + "S4t": { + "type": "list", + "member": { + "locationName": "item", + "type": "structure", + "members": { + "SecurityGroupRuleId": { + "locationName": "securityGroupRuleId" + }, + "GroupId": { + "locationName": "groupId" + }, + "GroupOwnerId": { + "locationName": "groupOwnerId" + }, + "IsEgress": { + "locationName": "isEgress", + "type": "boolean" + }, + "IpProtocol": { + "locationName": "ipProtocol" + }, + "FromPort": { + "locationName": "fromPort", + "type": "integer" + }, + "ToPort": { + "locationName": "toPort", + "type": "integer" + }, + "CidrIpv4": { + "locationName": "cidrIpv4" + }, + "CidrIpv6": { + "locationName": "cidrIpv6" + }, + "PrefixListId": { + "locationName": "prefixListId" + }, + "ReferencedGroupInfo": { + "locationName": "referencedGroupInfo", + "type": "structure", + "members": { + "GroupId": { + "locationName": "groupId" + }, + "PeeringStatus": { + "locationName": "peeringStatus" + }, + "UserId": { + "locationName": "userId" + }, + "VpcId": { + "locationName": "vpcId" + }, + "VpcPeeringConnectionId": { + "locationName": "vpcPeeringConnectionId" + } + } + }, + "Description": { + "locationName": "description" + }, + "Tags": { + "shape": "Ss", + "locationName": "tagSet" + } + } + } + }, + "S52": { "type": "structure", "members": { "S3": { @@ -19603,7 +19803,7 @@ } } }, - "S4z": { + "S56": { "type": "structure", "members": { "BundleId": { @@ -19635,7 +19835,7 @@ "locationName": "state" }, "Storage": { - "shape": "S4v", + "shape": "S52", "locationName": "storage" }, "UpdateTime": { @@ -19644,7 +19844,7 @@ } } }, - "S5i": { + "S5p": { "type": "list", "member": { "locationName": "item", @@ -19722,19 +19922,19 @@ } } }, - "S5u": { + "S61": { "type": "list", "member": { "locationName": "item" } }, - "S65": { + "S6c": { "type": "list", "member": { "locationName": "SpotInstanceRequestId" } }, - "S6r": { + "S6y": { "type": "structure", "members": { "CapacityReservationId": { @@ -19807,7 +20007,7 @@ } } }, - "S6w": { + "S73": { "type": "structure", "members": { "CarrierGatewayId": { @@ -19828,7 +20028,7 @@ } } }, - "S76": { + "S7d": { "type": "structure", "members": { "Enabled": { @@ -19838,7 +20038,7 @@ "CloudwatchLogStream": {} } }, - "S79": { + "S7g": { "type": "structure", "members": { "Enabled": { @@ -19847,7 +20047,7 @@ "LambdaFunctionArn": {} } }, - "S7b": { + "S7i": { "type": "structure", "members": { "Code": { @@ -19858,7 +20058,7 @@ } } }, - "S7f": { + "S7m": { "type": "structure", "members": { "Code": { @@ -19869,7 +20069,7 @@ } } }, - "S7k": { + "S7r": { "type": "structure", "members": { "BgpAsn": { @@ -19899,7 +20099,7 @@ } } }, - "S7n": { + "S7u": { "type": "structure", "members": { "AvailabilityZone": { @@ -19966,7 +20166,7 @@ } } }, - "S7t": { + "S80": { "type": "structure", "members": { "CidrBlock": { @@ -20013,7 +20213,7 @@ } } }, - "S82": { + "S89": { "type": "structure", "members": { "DhcpConfigurations": { @@ -20030,7 +20230,7 @@ "locationName": "valueSet", "type": "list", "member": { - "shape": "S86", + "shape": "S8d", "locationName": "item" } } @@ -20049,7 +20249,7 @@ } } }, - "S86": { + "S8d": { "type": "structure", "members": { "Value": { @@ -20057,11 +20257,11 @@ } } }, - "S89": { + "S8g": { "type": "structure", "members": { "Attachments": { - "shape": "S8a", + "shape": "S8h", "locationName": "attachmentSet" }, "EgressOnlyInternetGatewayId": { @@ -20073,7 +20273,7 @@ } } }, - "S8a": { + "S8h": { "type": "list", "member": { "locationName": "item", @@ -20088,7 +20288,7 @@ } } }, - "S8p": { + "S8w": { "type": "list", "member": { "locationName": "item", @@ -20119,7 +20319,7 @@ "type": "double" }, "Placement": { - "shape": "S8x" + "shape": "S94" } } } @@ -20127,7 +20327,7 @@ } } }, - "S8x": { + "S94": { "type": "structure", "members": { "AvailabilityZone": { @@ -20157,7 +20357,7 @@ } } }, - "S8y": { + "S95": { "type": "structure", "required": [ "TotalTargetCapacity" @@ -20175,20 +20375,20 @@ "DefaultTargetCapacityType": {} } }, - "S95": { + "S9c": { "type": "structure", "members": { "LaunchTemplateSpecification": { - "shape": "S96", + "shape": "S9d", "locationName": "launchTemplateSpecification" }, "Overrides": { - "shape": "S97", + "shape": "S9e", "locationName": "overrides" } } }, - "S96": { + "S9d": { "type": "structure", "members": { "LaunchTemplateId": { @@ -20202,7 +20402,7 @@ } } }, - "S97": { + "S9e": { "type": "structure", "members": { "InstanceType": { @@ -20236,27 +20436,27 @@ } } }, - "S9c": { + "S9j": { "type": "list", "member": { "locationName": "item" } }, - "S9m": { + "S9t": { "type": "structure", "members": { "Bucket": {}, "Key": {} } }, - "S9p": { + "S9w": { "type": "list", "member": { - "shape": "S9q", + "shape": "S9x", "locationName": "BlockDeviceMapping" } }, - "S9q": { + "S9x": { "type": "structure", "members": { "DeviceName": { @@ -20306,7 +20506,7 @@ } } }, - "Sa0": { + "Sa7": { "type": "structure", "members": { "Description": { @@ -20357,11 +20557,11 @@ } } }, - "Sa6": { + "Sad": { "type": "structure", "members": { "Attachments": { - "shape": "S8a", + "shape": "S8h", "locationName": "attachmentSet" }, "InternetGatewayId": { @@ -20376,7 +20576,7 @@ } } }, - "Sac": { + "Saj": { "type": "structure", "members": { "KernelId": {}, @@ -20447,7 +20647,7 @@ "type": "integer" }, "Groups": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "InterfaceType": {}, @@ -20467,7 +20667,7 @@ "NetworkInterfaceId": {}, "PrivateIpAddress": {}, "PrivateIpAddresses": { - "shape": "Sao" + "shape": "Sav" }, "SecondaryPrivateIpAddressCount": { "type": "integer" @@ -20530,7 +20730,7 @@ "locationName": "ElasticGpuSpecification", "type": "list", "member": { - "shape": "Sb1", + "shape": "Sb8", "locationName": "ElasticGpuSpecification" } }, @@ -20552,11 +20752,11 @@ } }, "SecurityGroupIds": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "SecurityGroups": { - "shape": "Sb5", + "shape": "Sbc", "locationName": "SecurityGroup" }, "InstanceMarketOptions": { @@ -20580,7 +20780,7 @@ } }, "CreditSpecification": { - "shape": "Sbb" + "shape": "Sbi" }, "CpuOptions": { "type": "structure", @@ -20598,7 +20798,7 @@ "members": { "CapacityReservationPreference": {}, "CapacityReservationTarget": { - "shape": "Sbf" + "shape": "Sbm" } } }, @@ -20641,13 +20841,13 @@ } } }, - "Sal": { + "Sas": { "type": "list", "member": { "locationName": "SecurityGroupId" } }, - "Sao": { + "Sav": { "type": "list", "member": { "locationName": "item", @@ -20663,7 +20863,7 @@ } } }, - "Sb1": { + "Sb8": { "type": "structure", "required": [ "Type" @@ -20672,13 +20872,13 @@ "Type": {} } }, - "Sb5": { + "Sbc": { "type": "list", "member": { "locationName": "SecurityGroup" } }, - "Sbb": { + "Sbi": { "type": "structure", "required": [ "CpuCredits" @@ -20687,14 +20887,14 @@ "CpuCredits": {} } }, - "Sbf": { + "Sbm": { "type": "structure", "members": { "CapacityReservationId": {}, "CapacityReservationResourceGroupArn": {} } }, - "Sbo": { + "Sbv": { "type": "structure", "members": { "LaunchTemplateId": { @@ -20724,7 +20924,7 @@ } } }, - "Sbp": { + "Sbw": { "type": "structure", "members": { "Errors": { @@ -20745,7 +20945,7 @@ } } }, - "Sbu": { + "Sc1": { "type": "structure", "members": { "LaunchTemplateId": { @@ -20773,12 +20973,12 @@ "type": "boolean" }, "LaunchTemplateData": { - "shape": "Sbv", + "shape": "Sc2", "locationName": "launchTemplateData" } } }, - "Sbv": { + "Sc2": { "type": "structure", "members": { "KernelId": { @@ -20892,7 +21092,7 @@ "type": "integer" }, "Ipv6Addresses": { - "shape": "Sc2", + "shape": "Sc9", "locationName": "ipv6AddressesSet" }, "NetworkInterfaceId": { @@ -20902,7 +21102,7 @@ "locationName": "privateIpAddress" }, "PrivateIpAddresses": { - "shape": "Sao", + "shape": "Sav", "locationName": "privateIpAddressesSet" }, "SecondaryPrivateIpAddressCount": { @@ -21100,7 +21300,7 @@ "locationName": "capacityReservationPreference" }, "CapacityReservationTarget": { - "shape": "Sch", + "shape": "Sco", "locationName": "capacityReservationTarget" } } @@ -21159,7 +21359,7 @@ } } }, - "Sc2": { + "Sc9": { "type": "list", "member": { "locationName": "item", @@ -21171,7 +21371,7 @@ } } }, - "Sch": { + "Sco": { "type": "structure", "members": { "CapacityReservationId": { @@ -21182,7 +21382,7 @@ } } }, - "Scs": { + "Scz": { "type": "structure", "members": { "DestinationCidrBlock": { @@ -21208,7 +21408,7 @@ } } }, - "Scx": { + "Sd4": { "type": "structure", "members": { "LocalGatewayRouteTableVpcAssociationId": { @@ -21238,7 +21438,7 @@ } } }, - "Sd0": { + "Sd7": { "type": "list", "member": { "type": "structure", @@ -21251,7 +21451,7 @@ } } }, - "Sd3": { + "Sda": { "type": "structure", "members": { "PrefixListId": { @@ -21289,7 +21489,7 @@ } } }, - "Sd9": { + "Sdf": { "type": "structure", "members": { "CreateTime": { @@ -21372,7 +21572,7 @@ } } }, - "Sdg": { + "Sdm": { "type": "structure", "members": { "Associations": { @@ -21409,14 +21609,14 @@ "type": "boolean" }, "IcmpTypeCode": { - "shape": "Sdl", + "shape": "Sdr", "locationName": "icmpTypeCode" }, "Ipv6CidrBlock": { "locationName": "ipv6CidrBlock" }, "PortRange": { - "shape": "Sdm", + "shape": "Sds", "locationName": "portRange" }, "Protocol": { @@ -21451,7 +21651,7 @@ } } }, - "Sdl": { + "Sdr": { "type": "structure", "members": { "Code": { @@ -21464,7 +21664,7 @@ } } }, - "Sdm": { + "Sds": { "type": "structure", "members": { "From": { @@ -21477,7 +21677,7 @@ } } }, - "Sdv": { + "Se1": { "type": "structure", "members": { "NetworkInsightsPathId": { @@ -21515,15 +21715,15 @@ } } }, - "Se0": { + "Se6": { "type": "structure", "members": { "Association": { - "shape": "Se1", + "shape": "Se7", "locationName": "association" }, "Attachment": { - "shape": "Se2", + "shape": "Se8", "locationName": "attachment" }, "AvailabilityZone": { @@ -21533,7 +21733,7 @@ "locationName": "description" }, "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "InterfaceType": { @@ -21578,7 +21778,7 @@ "type": "structure", "members": { "Association": { - "shape": "Se1", + "shape": "Se7", "locationName": "association" }, "Primary": { @@ -21620,7 +21820,7 @@ } } }, - "Se1": { + "Se7": { "type": "structure", "members": { "AllocationId": { @@ -21646,7 +21846,7 @@ } } }, - "Se2": { + "Se8": { "type": "structure", "members": { "AttachTime": { @@ -21679,7 +21879,7 @@ } } }, - "Se3": { + "Se9": { "type": "list", "member": { "locationName": "item", @@ -21694,7 +21894,7 @@ } } }, - "See": { + "Sek": { "type": "structure", "members": { "NetworkInterfacePermissionId": { @@ -21726,7 +21926,7 @@ } } }, - "Sek": { + "Seq": { "type": "structure", "members": { "GroupName": { @@ -21751,7 +21951,7 @@ } } }, - "Seo": { + "Seu": { "type": "structure", "members": { "ReplaceRootVolumeTaskId": { @@ -21775,7 +21975,7 @@ } } }, - "Sf4": { + "Sfa": { "type": "structure", "members": { "Associations": { @@ -21891,7 +22091,7 @@ } } }, - "Sfg": { + "Sfm": { "type": "structure", "members": { "DataEncryptionKeyId": { @@ -21945,14 +22145,14 @@ } } }, - "Sfq": { + "Sfw": { "type": "structure", "members": { "Bucket": { "locationName": "bucket" }, "Fault": { - "shape": "Sfr", + "shape": "Sfx", "locationName": "fault" }, "OwnerId": { @@ -21966,7 +22166,7 @@ } } }, - "Sfr": { + "Sfx": { "type": "structure", "members": { "Code": { @@ -21977,26 +22177,26 @@ } } }, - "Sg0": { + "Sg6": { "type": "list", "member": {} }, - "Sg4": { + "Sga": { "type": "structure", "members": { "TrafficMirrorFilterId": { "locationName": "trafficMirrorFilterId" }, "IngressFilterRules": { - "shape": "Sg5", + "shape": "Sgb", "locationName": "ingressFilterRuleSet" }, "EgressFilterRules": { - "shape": "Sg5", + "shape": "Sgb", "locationName": "egressFilterRuleSet" }, "NetworkServices": { - "shape": "Sga", + "shape": "Sgg", "locationName": "networkServiceSet" }, "Description": { @@ -22008,14 +22208,14 @@ } } }, - "Sg5": { + "Sgb": { "type": "list", "member": { - "shape": "Sg6", + "shape": "Sgc", "locationName": "item" } }, - "Sg6": { + "Sgc": { "type": "structure", "members": { "TrafficMirrorFilterRuleId": { @@ -22039,11 +22239,11 @@ "type": "integer" }, "DestinationPortRange": { - "shape": "Sg9", + "shape": "Sgf", "locationName": "destinationPortRange" }, "SourcePortRange": { - "shape": "Sg9", + "shape": "Sgf", "locationName": "sourcePortRange" }, "DestinationCidrBlock": { @@ -22057,7 +22257,7 @@ } } }, - "Sg9": { + "Sgf": { "type": "structure", "members": { "FromPort": { @@ -22070,13 +22270,13 @@ } } }, - "Sga": { + "Sgg": { "type": "list", "member": { "locationName": "item" } }, - "Sge": { + "Sgk": { "type": "structure", "members": { "FromPort": { @@ -22087,7 +22287,7 @@ } } }, - "Sgj": { + "Sgp": { "type": "structure", "members": { "TrafficMirrorSessionId": { @@ -22126,7 +22326,7 @@ } } }, - "Sgm": { + "Sgs": { "type": "structure", "members": { "TrafficMirrorTargetId": { @@ -22153,13 +22353,13 @@ } } }, - "Sgv": { + "Sh1": { "type": "list", "member": { "locationName": "item" } }, - "Sgx": { + "Sh3": { "type": "structure", "members": { "TransitGatewayId": { @@ -22225,7 +22425,7 @@ } } }, - "Sh4": { + "Sha": { "type": "structure", "members": { "TransitGatewayAttachmentId": { @@ -22259,13 +22459,13 @@ } } }, - "Sh8": { + "She": { "type": "list", "member": { "locationName": "item" } }, - "Sha": { + "Shg": { "type": "structure", "members": { "TransitGatewayAttachmentId": { @@ -22292,7 +22492,7 @@ "locationName": "peerAddress" }, "InsideCidrBlocks": { - "shape": "Sh8", + "shape": "She", "locationName": "insideCidrBlocks" }, "Protocol": { @@ -22333,7 +22533,7 @@ } } }, - "Shn": { + "Sht": { "type": "structure", "members": { "TransitGatewayMulticastDomainId": { @@ -22376,7 +22576,7 @@ } } }, - "Shv": { + "Si1": { "type": "structure", "members": { "TransitGatewayRouteTableId": { @@ -22412,7 +22612,7 @@ } } }, - "Si0": { + "Si6": { "type": "structure", "members": { "DestinationCidrBlock": { @@ -22448,7 +22648,7 @@ } } }, - "Si7": { + "Sid": { "type": "structure", "members": { "TransitGatewayRouteTableId": { @@ -22478,7 +22678,7 @@ } } }, - "Sid": { + "Sij": { "type": "structure", "members": { "Attachments": { @@ -22544,25 +22744,25 @@ } } }, - "Sik": { + "Siq": { "type": "list", "member": { "locationName": "item" } }, - "Sil": { + "Sir": { "type": "list", "member": { "locationName": "item" } }, - "Sim": { + "Sis": { "type": "list", "member": { "locationName": "item" } }, - "Sio": { + "Siu": { "type": "structure", "members": { "VpcEndpointId": { @@ -22620,7 +22820,7 @@ "locationName": "networkInterfaceIdSet" }, "DnsEntries": { - "shape": "Sis", + "shape": "Siy", "locationName": "dnsEntrySet" }, "CreationTimestamp": { @@ -22648,7 +22848,7 @@ } } }, - "Sis": { + "Siy": { "type": "list", "member": { "locationName": "item", @@ -22663,7 +22863,7 @@ } } }, - "Six": { + "Sj3": { "type": "structure", "members": { "ConnectionNotificationId": { @@ -22690,11 +22890,11 @@ } } }, - "Sj2": { + "Sj8": { "type": "structure", "members": { "ServiceType": { - "shape": "Sj3", + "shape": "Sj9", "locationName": "serviceType" }, "ServiceId": { @@ -22757,7 +22957,7 @@ } } }, - "Sj3": { + "Sj9": { "type": "list", "member": { "locationName": "item", @@ -22769,7 +22969,7 @@ } } }, - "Sjh": { + "Sjn": { "type": "list", "member": { "locationName": "item", @@ -22779,7 +22979,7 @@ } } }, - "Sjj": { + "Sjp": { "type": "list", "member": { "locationName": "item", @@ -22789,7 +22989,7 @@ } } }, - "Sjl": { + "Sjr": { "type": "list", "member": { "locationName": "item", @@ -22799,7 +22999,7 @@ } } }, - "Sjn": { + "Sjt": { "type": "list", "member": { "locationName": "item", @@ -22809,7 +23009,7 @@ } } }, - "Sjp": { + "Sjv": { "type": "list", "member": { "locationName": "item", @@ -22821,7 +23021,7 @@ } } }, - "Sjr": { + "Sjx": { "type": "list", "member": { "locationName": "item", @@ -22833,7 +23033,7 @@ } } }, - "Sjt": { + "Sjz": { "type": "list", "member": { "locationName": "item", @@ -22843,7 +23043,7 @@ } } }, - "Sjw": { + "Sk2": { "type": "structure", "members": { "CustomerGatewayConfiguration": { @@ -23099,7 +23299,7 @@ } } }, - "Skp": { + "Skv": { "type": "structure", "members": { "AvailabilityZone": { @@ -23132,39 +23332,39 @@ } } }, - "Sl3": { + "Sl9": { "type": "list", "member": {} }, - "Sld": { + "Slj": { "type": "list", "member": { "locationName": "item" } }, - "Slp": { + "Slv": { "type": "list", "member": { "locationName": "item" } }, - "Snw": { + "So2": { "type": "list", "member": { "locationName": "item" } }, - "Soa": { + "Sog": { "type": "list", "member": { "locationName": "item" } }, - "Soc": { + "Soi": { "type": "structure", "members": { "InstanceTagKeys": { - "shape": "Soa", + "shape": "Sog", "locationName": "instanceTagKeySet" }, "IncludeAllTagsOfInstance": { @@ -23173,13 +23373,13 @@ } } }, - "Soe": { + "Sok": { "type": "list", "member": { "locationName": "item" } }, - "Sot": { + "Soz": { "type": "list", "member": { "locationName": "Filter", @@ -23193,7 +23393,7 @@ } } }, - "Sp7": { + "Spd": { "type": "structure", "members": { "PublicIp": { @@ -23222,7 +23422,7 @@ } } }, - "Spb": { + "Sph": { "type": "list", "member": { "locationName": "item", @@ -23242,13 +23442,13 @@ } } }, - "Sq6": { + "Sqc": { "type": "list", "member": { "locationName": "InstanceId" } }, - "Sql": { + "Sqr": { "type": "structure", "members": { "Code": { @@ -23259,7 +23459,7 @@ } } }, - "Srq": { + "Srw": { "type": "structure", "members": { "ConversionTaskId": { @@ -23299,7 +23499,7 @@ "locationName": "description" }, "Image": { - "shape": "Sru", + "shape": "Ss0", "locationName": "image" }, "Status": { @@ -23309,7 +23509,7 @@ "locationName": "statusMessage" }, "Volume": { - "shape": "Srv", + "shape": "Ss1", "locationName": "volume" } } @@ -23332,11 +23532,11 @@ "locationName": "description" }, "Image": { - "shape": "Sru", + "shape": "Ss0", "locationName": "image" }, "Volume": { - "shape": "Srv", + "shape": "Ss1", "locationName": "volume" } } @@ -23353,7 +23553,7 @@ } } }, - "Sru": { + "Ss0": { "type": "structure", "members": { "Checksum": { @@ -23371,7 +23571,7 @@ } } }, - "Srv": { + "Ss1": { "type": "structure", "members": { "Id": { @@ -23383,7 +23583,7 @@ } } }, - "Sst": { + "Ssz": { "type": "structure", "members": { "S3Bucket": { @@ -23394,7 +23594,7 @@ } } }, - "Sta": { + "Stg": { "type": "structure", "members": { "EventDescription": { @@ -23408,7 +23608,7 @@ } } }, - "Std": { + "Stj": { "type": "list", "member": { "locationName": "item", @@ -23429,7 +23629,7 @@ } } }, - "Su5": { + "Sub": { "type": "structure", "members": { "FpgaImageId": { @@ -23458,12 +23658,12 @@ } }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" } } }, - "Su9": { + "Suf": { "type": "list", "member": { "locationName": "item", @@ -23478,32 +23678,32 @@ } } }, - "Sue": { + "Suk": { "type": "list", "member": { "locationName": "Owner" } }, - "Suz": { + "Sv5": { "type": "list", "member": { "locationName": "item" } }, - "Sv2": { + "Sv8": { "type": "list", "member": { "locationName": "item" } }, - "Svr": { + "Svx": { "type": "list", "member": { - "shape": "S9q", + "shape": "S9x", "locationName": "item" } }, - "Svs": { + "Svy": { "type": "list", "member": { "locationName": "item", @@ -23518,7 +23718,7 @@ } } }, - "Sw5": { + "Swb": { "type": "structure", "members": { "Code": { @@ -23529,7 +23729,7 @@ } } }, - "Swe": { + "Swk": { "type": "list", "member": { "locationName": "item", @@ -23564,13 +23764,13 @@ "locationName": "url" }, "UserBucket": { - "shape": "Swg", + "shape": "Swm", "locationName": "userBucket" } } } }, - "Swg": { + "Swm": { "type": "structure", "members": { "S3Bucket": { @@ -23581,7 +23781,7 @@ } } }, - "Swh": { + "Swn": { "type": "list", "member": { "locationName": "item", @@ -23593,7 +23793,7 @@ } } }, - "Swp": { + "Swv": { "type": "structure", "members": { "Description": { @@ -23629,12 +23829,12 @@ "locationName": "url" }, "UserBucket": { - "shape": "Swg", + "shape": "Swm", "locationName": "userBucket" } } }, - "Swt": { + "Swz": { "type": "list", "member": { "locationName": "item", @@ -23666,7 +23866,7 @@ } } }, - "Sww": { + "Sx2": { "type": "structure", "members": { "Value": { @@ -23675,7 +23875,7 @@ } } }, - "Swx": { + "Sx3": { "type": "structure", "members": { "Enabled": { @@ -23684,7 +23884,7 @@ } } }, - "Sxa": { + "Sxg": { "type": "structure", "members": { "InstanceEventId": { @@ -23710,7 +23910,7 @@ } } }, - "Sxd": { + "Sxj": { "type": "structure", "members": { "Code": { @@ -23722,7 +23922,7 @@ } } }, - "Sxf": { + "Sxl": { "type": "structure", "members": { "Details": { @@ -23750,11 +23950,11 @@ } } }, - "S10h": { + "S10n": { "type": "structure", "members": { "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "Instances": { @@ -23788,11 +23988,11 @@ "type": "timestamp" }, "Monitoring": { - "shape": "S10k", + "shape": "S10q", "locationName": "monitoring" }, "Placement": { - "shape": "S8x", + "shape": "S94", "locationName": "placement" }, "Platform": { @@ -23805,7 +24005,7 @@ "locationName": "privateIpAddress" }, "ProductCodes": { - "shape": "Su9", + "shape": "Suf", "locationName": "productCodes" }, "PublicDnsName": { @@ -23818,7 +24018,7 @@ "locationName": "ramdiskId" }, "State": { - "shape": "Sxd", + "shape": "Sxj", "locationName": "instanceState" }, "StateTransitionReason": { @@ -23834,7 +24034,7 @@ "locationName": "architecture" }, "BlockDeviceMappings": { - "shape": "Swt", + "shape": "Swz", "locationName": "blockDeviceMapping" }, "ClientToken": { @@ -23911,7 +24111,7 @@ "type": "structure", "members": { "Association": { - "shape": "S10t", + "shape": "S10z", "locationName": "association" }, "Attachment": { @@ -23946,11 +24146,11 @@ "locationName": "description" }, "Groups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "Ipv6Addresses": { - "shape": "Sc2", + "shape": "Sc9", "locationName": "ipv6AddressesSet" }, "MacAddress": { @@ -23976,7 +24176,7 @@ "type": "structure", "members": { "Association": { - "shape": "S10t", + "shape": "S10z", "locationName": "association" }, "Primary": { @@ -24021,7 +24221,7 @@ "locationName": "rootDeviceType" }, "SecurityGroups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "SourceDestCheck": { @@ -24035,7 +24235,7 @@ "locationName": "sriovNetSupport" }, "StateReason": { - "shape": "Sw5", + "shape": "Swb", "locationName": "stateReason" }, "Tags": { @@ -24070,7 +24270,7 @@ "locationName": "capacityReservationPreference" }, "CapacityReservationTarget": { - "shape": "Sch", + "shape": "Sco", "locationName": "capacityReservationTarget" } } @@ -24099,11 +24299,11 @@ } }, "MetadataOptions": { - "shape": "S112", + "shape": "S118", "locationName": "metadataOptions" }, "EnclaveOptions": { - "shape": "Swx", + "shape": "Sx3", "locationName": "enclaveOptions" }, "BootMode": { @@ -24123,7 +24323,7 @@ } } }, - "S10k": { + "S10q": { "type": "structure", "members": { "State": { @@ -24131,7 +24331,7 @@ } } }, - "S10t": { + "S10z": { "type": "structure", "members": { "CarrierIp": { @@ -24148,7 +24348,7 @@ } } }, - "S112": { + "S118": { "type": "structure", "members": { "State": { @@ -24166,13 +24366,13 @@ } } }, - "S12j": { + "S12p": { "type": "list", "member": { "locationName": "item" } }, - "S13j": { + "S13p": { "type": "structure", "members": { "NetworkInsightsAnalysisId": { @@ -24185,7 +24385,7 @@ "locationName": "networkInsightsPathId" }, "FilterInArns": { - "shape": "S13k", + "shape": "S13q", "locationName": "filterInArnSet" }, "StartDate": { @@ -24203,11 +24403,11 @@ "type": "boolean" }, "ForwardPathComponents": { - "shape": "S13m", + "shape": "S13s", "locationName": "forwardPathComponentSet" }, "ReturnPathComponents": { - "shape": "S13m", + "shape": "S13s", "locationName": "returnPathComponentSet" }, "Explanations": { @@ -24218,22 +24418,22 @@ "type": "structure", "members": { "Acl": { - "shape": "S13p", + "shape": "S13v", "locationName": "acl" }, "AclRule": { - "shape": "S13o", + "shape": "S13u", "locationName": "aclRule" }, "Address": { "locationName": "address" }, "Addresses": { - "shape": "S13r", + "shape": "S13x", "locationName": "addressSet" }, "AttachedTo": { - "shape": "S13p", + "shape": "S13v", "locationName": "attachedTo" }, "AvailabilityZones": { @@ -24245,19 +24445,19 @@ "locationName": "cidrSet" }, "Component": { - "shape": "S13p", + "shape": "S13v", "locationName": "component" }, "CustomerGateway": { - "shape": "S13p", + "shape": "S13v", "locationName": "customerGateway" }, "Destination": { - "shape": "S13p", + "shape": "S13v", "locationName": "destination" }, "DestinationVpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "destinationVpc" }, "Direction": { @@ -24267,11 +24467,11 @@ "locationName": "explanationCode" }, "IngressRouteTable": { - "shape": "S13p", + "shape": "S13v", "locationName": "ingressRouteTable" }, "InternetGateway": { - "shape": "S13p", + "shape": "S13v", "locationName": "internetGateway" }, "LoadBalancerArn": { @@ -24306,7 +24506,7 @@ "locationName": "availabilityZone" }, "Instance": { - "shape": "S13p", + "shape": "S13v", "locationName": "instance" }, "Port": { @@ -24316,11 +24516,11 @@ } }, "LoadBalancerTargetGroup": { - "shape": "S13p", + "shape": "S13v", "locationName": "loadBalancerTargetGroup" }, "LoadBalancerTargetGroups": { - "shape": "S13z", + "shape": "S145", "locationName": "loadBalancerTargetGroupSet" }, "LoadBalancerTargetPort": { @@ -24328,25 +24528,25 @@ "type": "integer" }, "ElasticLoadBalancerListener": { - "shape": "S13p", + "shape": "S13v", "locationName": "elasticLoadBalancerListener" }, "MissingComponent": { "locationName": "missingComponent" }, "NatGateway": { - "shape": "S13p", + "shape": "S13v", "locationName": "natGateway" }, "NetworkInterface": { - "shape": "S13p", + "shape": "S13v", "locationName": "networkInterface" }, "PacketField": { "locationName": "packetField" }, "VpcPeeringConnection": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpcPeeringConnection" }, "Port": { @@ -24354,11 +24554,11 @@ "type": "integer" }, "PortRanges": { - "shape": "S13s", + "shape": "S13y", "locationName": "portRangeSet" }, "PrefixList": { - "shape": "S13p", + "shape": "S13v", "locationName": "prefixList" }, "Protocols": { @@ -24369,54 +24569,54 @@ } }, "RouteTableRoute": { - "shape": "S13t", + "shape": "S13z", "locationName": "routeTableRoute" }, "RouteTable": { - "shape": "S13p", + "shape": "S13v", "locationName": "routeTable" }, "SecurityGroup": { - "shape": "S13p", + "shape": "S13v", "locationName": "securityGroup" }, "SecurityGroupRule": { - "shape": "S13u", + "shape": "S140", "locationName": "securityGroupRule" }, "SecurityGroups": { - "shape": "S13z", + "shape": "S145", "locationName": "securityGroupSet" }, "SourceVpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "sourceVpc" }, "State": { "locationName": "state" }, "Subnet": { - "shape": "S13p", + "shape": "S13v", "locationName": "subnet" }, "SubnetRouteTable": { - "shape": "S13p", + "shape": "S13v", "locationName": "subnetRouteTable" }, "Vpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpc" }, "VpcEndpoint": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpcEndpoint" }, "VpnConnection": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpnConnection" }, "VpnGateway": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpnGateway" } } @@ -24444,13 +24644,13 @@ } } }, - "S13k": { + "S13q": { "type": "list", "member": { "locationName": "item" } }, - "S13m": { + "S13s": { "type": "list", "member": { "locationName": "item", @@ -24461,49 +24661,49 @@ "type": "integer" }, "AclRule": { - "shape": "S13o", + "shape": "S13u", "locationName": "aclRule" }, "Component": { - "shape": "S13p", + "shape": "S13v", "locationName": "component" }, "DestinationVpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "destinationVpc" }, "OutboundHeader": { - "shape": "S13q", + "shape": "S13w", "locationName": "outboundHeader" }, "InboundHeader": { - "shape": "S13q", + "shape": "S13w", "locationName": "inboundHeader" }, "RouteTableRoute": { - "shape": "S13t", + "shape": "S13z", "locationName": "routeTableRoute" }, "SecurityGroupRule": { - "shape": "S13u", + "shape": "S140", "locationName": "securityGroupRule" }, "SourceVpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "sourceVpc" }, "Subnet": { - "shape": "S13p", + "shape": "S13v", "locationName": "subnet" }, "Vpc": { - "shape": "S13p", + "shape": "S13v", "locationName": "vpc" } } } }, - "S13o": { + "S13u": { "type": "structure", "members": { "Cidr": { @@ -24514,7 +24714,7 @@ "type": "boolean" }, "PortRange": { - "shape": "Sdm", + "shape": "Sds", "locationName": "portRange" }, "Protocol": { @@ -24529,7 +24729,7 @@ } } }, - "S13p": { + "S13v": { "type": "structure", "members": { "Id": { @@ -24540,44 +24740,44 @@ } } }, - "S13q": { + "S13w": { "type": "structure", "members": { "DestinationAddresses": { - "shape": "S13r", + "shape": "S13x", "locationName": "destinationAddressSet" }, "DestinationPortRanges": { - "shape": "S13s", + "shape": "S13y", "locationName": "destinationPortRangeSet" }, "Protocol": { "locationName": "protocol" }, "SourceAddresses": { - "shape": "S13r", + "shape": "S13x", "locationName": "sourceAddressSet" }, "SourcePortRanges": { - "shape": "S13s", + "shape": "S13y", "locationName": "sourcePortRangeSet" } } }, - "S13r": { + "S13x": { "type": "list", "member": { "locationName": "item" } }, - "S13s": { + "S13y": { "type": "list", "member": { - "shape": "Sdm", + "shape": "Sds", "locationName": "item" } }, - "S13t": { + "S13z": { "type": "structure", "members": { "DestinationCidr": { @@ -24612,7 +24812,7 @@ } } }, - "S13u": { + "S140": { "type": "structure", "members": { "Cidr": { @@ -24625,7 +24825,7 @@ "locationName": "securityGroupId" }, "PortRange": { - "shape": "Sdm", + "shape": "Sds", "locationName": "portRange" }, "PrefixListId": { @@ -24636,20 +24836,20 @@ } } }, - "S13z": { + "S145": { "type": "list", "member": { - "shape": "S13p", + "shape": "S13v", "locationName": "item" } }, - "S15l": { + "S15r": { "type": "list", "member": { "locationName": "ReservedInstancesId" } }, - "S15t": { + "S15z": { "type": "list", "member": { "locationName": "item", @@ -24665,7 +24865,7 @@ } } }, - "S167": { + "S16d": { "type": "structure", "members": { "AvailabilityZone": { @@ -24686,7 +24886,7 @@ } } }, - "S16u": { + "S170": { "type": "structure", "members": { "Frequency": { @@ -24713,7 +24913,7 @@ } } }, - "S172": { + "S178": { "type": "structure", "members": { "AvailabilityZone": { @@ -24748,7 +24948,7 @@ "type": "timestamp" }, "Recurrence": { - "shape": "S16u", + "shape": "S170", "locationName": "recurrence" }, "ScheduledInstanceId": { @@ -24772,13 +24972,19 @@ } } }, - "S179": { + "S17f": { + "type": "list", + "member": { + "locationName": "item" + } + }, + "S17j": { "type": "list", "member": { "locationName": "GroupName" } }, - "S17h": { + "S17r": { "type": "list", "member": { "locationName": "item", @@ -24793,13 +24999,13 @@ } } }, - "S17l": { + "S17v": { "type": "list", "member": { "locationName": "SnapshotId" } }, - "S184": { + "S18e": { "type": "structure", "required": [ "IamFleetRole", @@ -24852,14 +25058,14 @@ "type": "structure", "members": { "SecurityGroups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "AddressingType": { "locationName": "addressingType" }, "BlockDeviceMappings": { - "shape": "Svr", + "shape": "Svx", "locationName": "blockDeviceMapping" }, "EbsOptimized": { @@ -24893,11 +25099,11 @@ } }, "NetworkInterfaces": { - "shape": "S18e", + "shape": "S18o", "locationName": "networkInterfaceSet" }, "Placement": { - "shape": "S18g", + "shape": "S18q", "locationName": "placement" }, "RamdiskId": { @@ -24937,7 +25143,7 @@ } }, "LaunchTemplateConfigs": { - "shape": "S18j", + "shape": "S18t", "locationName": "launchTemplateConfigs" }, "SpotPrice": { @@ -25036,7 +25242,7 @@ } } }, - "S18e": { + "S18o": { "type": "list", "member": { "locationName": "item", @@ -25058,7 +25264,7 @@ "type": "integer" }, "Groups": { - "shape": "Sal", + "shape": "Sas", "locationName": "SecurityGroupId" }, "Ipv6AddressCount": { @@ -25066,7 +25272,7 @@ "type": "integer" }, "Ipv6Addresses": { - "shape": "Sc2", + "shape": "Sc9", "locationName": "ipv6AddressesSet", "queryName": "Ipv6Addresses" }, @@ -25077,7 +25283,7 @@ "locationName": "privateIpAddress" }, "PrivateIpAddresses": { - "shape": "Sao", + "shape": "Sav", "locationName": "privateIpAddressesSet", "queryName": "PrivateIpAddresses" }, @@ -25098,7 +25304,7 @@ } } }, - "S18g": { + "S18q": { "type": "structure", "members": { "AvailabilityZone": { @@ -25112,14 +25318,14 @@ } } }, - "S18j": { + "S18t": { "type": "list", "member": { "locationName": "item", "type": "structure", "members": { "LaunchTemplateSpecification": { - "shape": "S96", + "shape": "S9d", "locationName": "launchTemplateSpecification" }, "Overrides": { @@ -25155,7 +25361,7 @@ } } }, - "S18w": { + "S196": { "type": "list", "member": { "locationName": "item", @@ -25176,7 +25382,7 @@ "type": "timestamp" }, "Fault": { - "shape": "Sfr", + "shape": "Sfx", "locationName": "fault" }, "InstanceId": { @@ -25193,14 +25399,14 @@ "locationName": "userData" }, "SecurityGroups": { - "shape": "Se3", + "shape": "Se9", "locationName": "groupSet" }, "AddressingType": { "locationName": "addressingType" }, "BlockDeviceMappings": { - "shape": "Svr", + "shape": "Svx", "locationName": "blockDeviceMapping" }, "EbsOptimized": { @@ -25224,11 +25430,11 @@ "locationName": "keyName" }, "NetworkInterfaces": { - "shape": "S18e", + "shape": "S18o", "locationName": "networkInterfaceSet" }, "Placement": { - "shape": "S18g", + "shape": "S18q", "locationName": "placement" }, "RamdiskId": { @@ -25238,7 +25444,7 @@ "locationName": "subnetId" }, "Monitoring": { - "shape": "S18z", + "shape": "S199", "locationName": "monitoring" } } @@ -25295,7 +25501,7 @@ } } }, - "S18z": { + "S199": { "type": "structure", "required": [ "Enabled" @@ -25307,7 +25513,7 @@ } } }, - "S19e": { + "S19o": { "type": "list", "member": { "locationName": "item", @@ -25349,17 +25555,17 @@ } } }, - "S1ac": { + "S1am": { "type": "list", "member": {} }, - "S1bg": { + "S1bq": { "type": "list", "member": { "locationName": "VolumeId" } }, - "S1c1": { + "S1cb": { "type": "structure", "members": { "VolumeId": { @@ -25423,19 +25629,19 @@ } } }, - "S1c7": { + "S1ch": { "type": "list", "member": { "locationName": "VpcId" } }, - "S1dx": { + "S1e7": { "type": "list", "member": { "locationName": "AvailabilityZone" } }, - "S1ec": { + "S1em": { "type": "structure", "members": { "TransitGatewayAttachmentId": { @@ -25455,7 +25661,7 @@ } } }, - "S1gr": { + "S1h1": { "type": "structure", "members": { "InstanceFamily": { @@ -25466,13 +25672,13 @@ } } }, - "S1h8": { + "S1hi": { "type": "list", "member": { "locationName": "item" } }, - "S1ha": { + "S1hk": { "type": "list", "member": { "locationName": "item", @@ -25486,7 +25692,7 @@ "type": "integer" }, "HostIdSet": { - "shape": "Suz", + "shape": "Sv5", "locationName": "hostIdSet" }, "HostReservationId": { @@ -25507,7 +25713,7 @@ } } }, - "S1hr": { + "S1i1": { "type": "structure", "members": { "HourlyPrice": { @@ -25521,7 +25727,7 @@ } } }, - "S1il": { + "S1iv": { "type": "structure", "members": { "Comment": {}, @@ -25536,14 +25742,14 @@ } } }, - "S1io": { + "S1iy": { "type": "structure", "members": { "S3Bucket": {}, "S3Key": {} } }, - "S1iv": { + "S1j5": { "type": "structure", "required": [ "Bytes", @@ -25563,7 +25769,7 @@ } } }, - "S1iw": { + "S1j6": { "type": "structure", "required": [ "Size" @@ -25575,25 +25781,25 @@ } } }, - "S1jp": { + "S1jz": { "type": "list", "member": { "locationName": "UserId" } }, - "S1jq": { + "S1k0": { "type": "list", "member": { "locationName": "UserGroup" } }, - "S1jr": { + "S1k1": { "type": "list", "member": { "locationName": "ProductCode" } }, - "S1jt": { + "S1k3": { "type": "list", "member": { "locationName": "item", @@ -25604,23 +25810,23 @@ } } }, - "S1jy": { + "S1k8": { "type": "list", "member": { "shape": "S17", "locationName": "item" } }, - "S1k9": { + "S1kj": { "type": "structure", "members": { "CapacityReservationPreference": {}, "CapacityReservationTarget": { - "shape": "Sbf" + "shape": "Sbm" } } }, - "S1m4": { + "S1mj": { "type": "structure", "members": { "AllowDnsResolutionFromRemoteVpc": { @@ -25634,7 +25840,7 @@ } } }, - "S1m6": { + "S1ml": { "type": "structure", "members": { "AllowDnsResolutionFromRemoteVpc": { @@ -25651,7 +25857,7 @@ } } }, - "S1ml": { + "S1n0": { "type": "list", "member": { "locationName": "item", @@ -25661,37 +25867,48 @@ "locationName": "instanceId" }, "Monitoring": { - "shape": "S10k", + "shape": "S10q", "locationName": "monitoring" } } } }, - "S1po": { + "S1q3": { "type": "list", "member": { "locationName": "SecurityGroupId" } }, - "S1qc": { + "S1qr": { "type": "list", "member": { "locationName": "item", "type": "structure", "members": { "CurrentState": { - "shape": "Sxd", + "shape": "Sxj", "locationName": "currentState" }, "InstanceId": { "locationName": "instanceId" }, "PreviousState": { - "shape": "Sxd", + "shape": "Sxj", "locationName": "previousState" } } } + }, + "S1rb": { + "type": "list", + "member": { + "locationName": "item", + "type": "structure", + "members": { + "SecurityGroupRuleId": {}, + "Description": {} + } + } } } } \ No newline at end of file diff --git a/apis/ec2-2016-11-15.normal.json b/apis/ec2-2016-11-15.normal.json index 55a2edb1b7..dc42f46c9b 100644 --- a/apis/ec2-2016-11-15.normal.json +++ b/apis/ec2-2016-11-15.normal.json @@ -231,7 +231,7 @@ "output": { "shape": "AssociateEnclaveCertificateIamRoleResult" }, - "documentation": "Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide.
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on the AWS KMS CMK returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.
Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.
[VPC only] Adds the specified egress rules to a security group for use with a VPC.
An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances associated with the specified destination security groups.
You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
For more information about VPC security group limits, see Amazon VPC Limits.
" + "output": { + "shape": "AuthorizeSecurityGroupEgressResult" + }, + "documentation": "[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.
An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified destination security groups.
You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
For information about VPC security group quotas, see Amazon VPC quotas.
" }, "AuthorizeSecurityGroupIngress": { "name": "AuthorizeSecurityGroupIngress", @@ -432,7 +435,10 @@ "input": { "shape": "AuthorizeSecurityGroupIngressRequest" }, - "documentation": "Adds the specified ingress rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address ranges, or from the instances associated with the specified destination security groups.
You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
For more information about VPC security group limits, see Amazon VPC Limits.
" + "output": { + "shape": "AuthorizeSecurityGroupIngressResult" + }, + "documentation": "Adds the specified inbound (ingress) rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.
You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
For more information about VPC security group quotas, see Amazon VPC quotas.
" }, "BundleInstance": { "name": "BundleInstance", @@ -3366,6 +3372,20 @@ }, "documentation": "[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.
" }, + "DescribeSecurityGroupRules": { + "name": "DescribeSecurityGroupRules", + "http": { + "method": "POST", + "requestUri": "/" + }, + "input": { + "shape": "DescribeSecurityGroupRulesRequest" + }, + "output": { + "shape": "DescribeSecurityGroupRulesResult" + }, + "documentation": "Describes one or more of your security group rules.
" + }, "DescribeSecurityGroups": { "name": "DescribeSecurityGroups", "http": { @@ -4161,7 +4181,7 @@ "output": { "shape": "DisassociateEnclaveCertificateIamRoleResult" }, - "documentation": "Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the AWS Key Management Service (KMS) customer master key (CMK) used to encrypt the private key. This effectively revokes the role's permission to use the certificate.
" + "documentation": "Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS key used to encrypt the private key. This effectively revokes the role's permission to use the certificate.
" }, "DisassociateIamInstanceProfile": { "name": "DisassociateIamInstanceProfile", @@ -4446,7 +4466,7 @@ "output": { "shape": "GetAssociatedEnclaveCertificateIamRolesResult" }, - "documentation": "Returns the IAM roles that are associated with the specified AWS Certificate Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the AWS Key Management Service (KMS) customer master key (CMK) that's used to encrypt the private key.
" + "documentation": "Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that's used to encrypt the private key.
" }, "GetAssociatedIpv6PoolCidrs": { "name": "GetAssociatedIpv6PoolCidrs", @@ -4810,7 +4830,7 @@ "output": { "shape": "ImportKeyPairResult" }, - "documentation": "Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which AWS creates the key pair and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, you create the key pair and give AWS just the public key. The private key is never transferred between you and AWS.
For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.
" + "documentation": "Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.
For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.
" }, "ImportSnapshot": { "name": "ImportSnapshot", @@ -5133,6 +5153,20 @@ }, "documentation": "Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.
For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.
" }, + "ModifySecurityGroupRules": { + "name": "ModifySecurityGroupRules", + "http": { + "method": "POST", + "requestUri": "/" + }, + "input": { + "shape": "ModifySecurityGroupRulesRequest" + }, + "output": { + "shape": "ModifySecurityGroupRulesResult" + }, + "documentation": "Modifies the rules of a security group.
" + }, "ModifySnapshotAttribute": { "name": "ModifySnapshotAttribute", "http": { @@ -5932,7 +5966,7 @@ "output": { "shape": "RevokeSecurityGroupEgressResult" }, - "documentation": "[VPC only] Removes the specified egress rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.
[Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
AWS recommends that you use DescribeSecurityGroups to verify that the rule has been removed.
Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not have to specify the description to revoke the rule.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
" + "documentation": "[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.
You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.
[Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
Amazon Web Services recommends that you describe the security group to verify that the rules were removed.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
" }, "RevokeSecurityGroupIngress": { "name": "RevokeSecurityGroupIngress", @@ -5946,7 +5980,7 @@ "output": { "shape": "RevokeSecurityGroupIngressResult" }, - "documentation": "Removes the specified ingress rules from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.
[EC2-Classic , default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
AWS recommends that you use DescribeSecurityGroups to verify that the rule has been removed.
Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not have to specify the description to revoke the rule.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
" + "documentation": "Removes the specified inbound (ingress) rules from a security group.
You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.
[EC2-Classic, default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
Amazon Web Services recommends that you describe the security group to verify that the rules were removed.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
" }, "RunInstances": { "name": "RunInstances", @@ -6164,7 +6198,7 @@ "output": { "shape": "UpdateSecurityGroupRuleDescriptionsEgressResult" }, - "documentation": "[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request.
" + "documentation": "[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
" }, "UpdateSecurityGroupRuleDescriptionsIngress": { "name": "UpdateSecurityGroupRuleDescriptionsIngress", @@ -6178,7 +6212,7 @@ "output": { "shape": "UpdateSecurityGroupRuleDescriptionsIngressResult" }, - "documentation": "Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request.
" + "documentation": "Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
" }, "WithdrawByoipCidr": { "name": "WithdrawByoipCidr", @@ -7427,7 +7461,7 @@ }, "EncryptionKmsKeyId": { "shape": "String", - "documentation": "The ID of the AWS KMS CMK used to encrypt the private key of the certificate.
", + "documentation": "The ID of the KMS key used to encrypt the private key of the certificate.
", "locationName": "encryptionKmsKeyId" } } @@ -8149,6 +8183,11 @@ "documentation": "The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.
", "locationName": "ipPermissions" }, + "TagSpecifications": { + "shape": "TagSpecificationList", + "documentation": "The tags applied to the security group rule.
", + "locationName": "TagSpecification" + }, "CidrIp": { "shape": "String", "documentation": "Not supported. Use a set of IP permissions to specify the CIDR.
", @@ -8181,6 +8220,21 @@ } } }, + "AuthorizeSecurityGroupEgressResult": { + "type": "structure", + "members": { + "Return": { + "shape": "Boolean", + "documentation": "Returns true if the request succeeds; otherwise, returns an error.
Information about the outbound (egress) security group rules that were added.
", + "locationName": "securityGroupRuleSet" + } + } + }, "AuthorizeSecurityGroupIngressRequest": { "type": "structure", "members": { @@ -8214,7 +8268,7 @@ }, "SourceSecurityGroupOwnerId": { "shape": "String", - "documentation": "[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.
" + "documentation": "[nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.
" }, "ToPort": { "shape": "Integer", @@ -8224,6 +8278,26 @@ "shape": "Boolean", "documentation": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
[VPC Only] The tags applied to the security group rule.
", + "locationName": "TagSpecification" + } + } + }, + "AuthorizeSecurityGroupIngressResult": { + "type": "structure", + "members": { + "Return": { + "shape": "Boolean", + "documentation": "Returns true if the request succeeds; otherwise, returns an error.
Information about the inbound (ingress) security group rules that were added.
", + "locationName": "securityGroupRuleSet" } } }, @@ -17540,7 +17614,7 @@ }, "KeyNames": { "shape": "KeyNameStringList", - "documentation": "The key pair names.
Default: Describes all your key pairs.
", + "documentation": "The key pair names.
Default: Describes all of your key pairs.
", "locationName": "KeyName" }, "KeyPairIds": { @@ -18983,6 +19057,53 @@ } } }, + "DescribeSecurityGroupRulesMaxResults": { + "type": "integer", + "max": 1000, + "min": 5 + }, + "DescribeSecurityGroupRulesRequest": { + "type": "structure", + "members": { + "Filters": { + "shape": "FilterList", + "documentation": "One or more filters.
group-id - The ID of the security group.
security-group-rule-id - The ID of the security group rule.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
The IDs of the security group rules.
", + "locationName": "SecurityGroupRuleId" + }, + "DryRun": { + "shape": "Boolean", + "documentation": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The token for the next page of results.
" + }, + "MaxResults": { + "shape": "DescribeSecurityGroupRulesMaxResults", + "documentation": "The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.
Information about security group rules.
", + "locationName": "securityGroupRuleSet" + }, + "NextToken": { + "shape": "String", + "documentation": "The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.
description - The description of the security group.
egress.ip-permission.cidr - An IPv4 CIDR block for an outbound security group rule.
egress.ip-permission.from-port - For an outbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.
egress.ip-permission.group-id - The ID of a security group that has been referenced in an outbound security group rule.
egress.ip-permission.group-name - The name of a security group that is referenced in an outbound security group rule.
egress.ip-permission.ipv6-cidr - An IPv6 CIDR block for an outbound security group rule.
egress.ip-permission.prefix-list-id - The ID of a prefix list to which a security group rule allows outbound access.
egress.ip-permission.protocol - The IP protocol for an outbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).
egress.ip-permission.to-port - For an outbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.
egress.ip-permission.user-id - The ID of an AWS account that has been referenced in an outbound security group rule.
group-id - The ID of the security group.
group-name - The name of the security group.
ip-permission.cidr - An IPv4 CIDR block for an inbound security group rule.
ip-permission.from-port - For an inbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.
ip-permission.group-id - The ID of a security group that has been referenced in an inbound security group rule.
ip-permission.group-name - The name of a security group that is referenced in an inbound security group rule.
ip-permission.ipv6-cidr - An IPv6 CIDR block for an inbound security group rule.
ip-permission.prefix-list-id - The ID of a prefix list from which a security group rule allows inbound access.
ip-permission.protocol - The IP protocol for an inbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).
ip-permission.to-port - For an inbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.
ip-permission.user-id - The ID of an AWS account that has been referenced in an inbound security group rule.
owner-id - The AWS account ID of the owner of the security group.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC specified when the security group was created.
The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.
description - The description of the security group.
egress.ip-permission.cidr - An IPv4 CIDR block for an outbound security group rule.
egress.ip-permission.from-port - For an outbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.
egress.ip-permission.group-id - The ID of a security group that has been referenced in an outbound security group rule.
egress.ip-permission.group-name - The name of a security group that is referenced in an outbound security group rule.
egress.ip-permission.ipv6-cidr - An IPv6 CIDR block for an outbound security group rule.
egress.ip-permission.prefix-list-id - The ID of a prefix list to which a security group rule allows outbound access.
egress.ip-permission.protocol - The IP protocol for an outbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).
egress.ip-permission.to-port - For an outbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.
egress.ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an outbound security group rule.
group-id - The ID of the security group.
group-name - The name of the security group.
ip-permission.cidr - An IPv4 CIDR block for an inbound security group rule.
ip-permission.from-port - For an inbound rule, the start of port range for the TCP and UDP protocols, or an ICMP type number.
ip-permission.group-id - The ID of a security group that has been referenced in an inbound security group rule.
ip-permission.group-name - The name of a security group that is referenced in an inbound security group rule.
ip-permission.ipv6-cidr - An IPv6 CIDR block for an inbound security group rule.
ip-permission.prefix-list-id - The ID of a prefix list from which a security group rule allows inbound access.
ip-permission.protocol - The IP protocol for an inbound security group rule (tcp | udp | icmp, a protocol number, or -1 for all protocols).
ip-permission.to-port - For an inbound rule, the end of port range for the TCP and UDP protocols, or an ICMP code.
ip-permission.user-id - The ID of an Amazon Web Services account that has been referenced in an inbound security group rule.
owner-id - The Amazon Web Services account ID of the owner of the security group.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC specified when the security group was created.
The IDs of the security groups. Required for security groups in a nondefault VPC.
Default: Describes all your security groups.
", + "documentation": "The IDs of the security groups. Required for security groups in a nondefault VPC.
Default: Describes all of your security groups.
", "locationName": "GroupId" }, "GroupNames": { "shape": "GroupNameStringList", - "documentation": "[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.
Default: Describes all your security groups.
", + "documentation": "[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.
Default: Describes all of your security groups.
", "locationName": "GroupName" }, "DryRun": { @@ -26707,7 +26828,7 @@ }, "KeyName": { "shape": "String", - "documentation": "The key pair name you provided.
", + "documentation": "The key pair name that you provided.
", "locationName": "keyName" }, "KeyPairId": { @@ -28982,7 +29103,7 @@ }, "UserIdGroupPairs": { "shape": "UserIdGroupPairList", - "documentation": "The security group and AWS account ID pairs.
", + "documentation": "The security group and Amazon Web Services account ID pairs.
", "locationName": "groups" } }, @@ -29221,7 +29342,7 @@ }, "KeyFingerprint": { "shape": "String", - "documentation": "If you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide AWS the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716.
", + "documentation": "If you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide Amazon Web Services the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716.
", "locationName": "keyFingerprint" }, "KeyName": { @@ -32054,6 +32175,38 @@ }, "documentation": "Contains the output of ModifyReservedInstances.
" }, + "ModifySecurityGroupRulesRequest": { + "type": "structure", + "required": [ + "GroupId", + "SecurityGroupRules" + ], + "members": { + "GroupId": { + "shape": "SecurityGroupId", + "documentation": "The ID of the security group.
" + }, + "SecurityGroupRules": { + "shape": "SecurityGroupRuleUpdateList", + "documentation": "Information about the security group properties to update.
", + "locationName": "SecurityGroupRule" + }, + "DryRun": { + "shape": "Boolean", + "documentation": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, returns an error.
The ID of the security group.
", + "locationName": "groupId" + }, + "PeeringStatus": { + "shape": "String", + "documentation": "The status of a VPC peering connection, if applicable.
", + "locationName": "peeringStatus" + }, + "UserId": { + "shape": "String", + "documentation": "The account ID.
", + "locationName": "userId" + }, + "VpcId": { + "shape": "String", + "documentation": "The ID of the VPC.
", + "locationName": "vpcId" + }, + "VpcPeeringConnectionId": { + "shape": "String", + "documentation": "The ID of the VPC peering connection.
", + "locationName": "vpcPeeringConnectionId" + } + }, + "documentation": "Describes the security group that is referenced in the security group rule.
" + }, "Region": { "type": "structure", "members": { @@ -37802,6 +37986,7 @@ "reserved-instances", "route-table", "security-group", + "security-group-rule", "snapshot", "spot-fleet-request", "spot-instances-request", @@ -38128,6 +38313,11 @@ "documentation": "The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.
", "locationName": "ipPermissions" }, + "SecurityGroupRuleIds": { + "shape": "SecurityGroupRuleIdList", + "documentation": "The IDs of the security group rules.
", + "locationName": "SecurityGroupRuleId" + }, "CidrIp": { "shape": "String", "documentation": "Not supported. Use a set of IP permissions to specify the CIDR.
", @@ -38208,7 +38398,7 @@ }, "SourceSecurityGroupOwnerId": { "shape": "String", - "documentation": "[EC2-Classic] The AWS account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.
" + "documentation": "[EC2-Classic] The Amazon Web Services account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.
" }, "ToPort": { "shape": "Integer", @@ -38218,6 +38408,11 @@ "shape": "Boolean", "documentation": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The IDs of the security group rules.
", + "locationName": "SecurityGroupRuleId" } } }, @@ -39422,7 +39617,7 @@ }, "OwnerId": { "shape": "String", - "documentation": "The AWS account ID of the owner of the security group.
", + "documentation": "The Amazon Web Services account ID of the owner of the security group.
", "locationName": "ownerId" }, "GroupId": { @@ -39446,7 +39641,7 @@ "locationName": "vpcId" } }, - "documentation": "Describes a security group
" + "documentation": "Describes a security group.
" }, "SecurityGroupId": { "type": "string" @@ -39512,6 +39707,174 @@ "locationName": "item" } }, + "SecurityGroupRule": { + "type": "structure", + "members": { + "SecurityGroupRuleId": { + "shape": "SecurityGroupRuleId", + "documentation": "The ID of the security group rule.
", + "locationName": "securityGroupRuleId" + }, + "GroupId": { + "shape": "SecurityGroupId", + "documentation": "The ID of the security group.
", + "locationName": "groupId" + }, + "GroupOwnerId": { + "shape": "String", + "documentation": "The ID of the account that owns the security group.
", + "locationName": "groupOwnerId" + }, + "IsEgress": { + "shape": "Boolean", + "documentation": "Indicates whether the security group rule is an outbound rule.
", + "locationName": "isEgress" + }, + "IpProtocol": { + "shape": "String", + "documentation": "The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).
Use -1 to specify all protocols.
The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
", + "locationName": "fromPort" + }, + "ToPort": { + "shape": "Integer", + "documentation": "The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
The IPv4 CIDR range.
", + "locationName": "cidrIpv4" + }, + "CidrIpv6": { + "shape": "String", + "documentation": "The IPv6 CIDR range.
", + "locationName": "cidrIpv6" + }, + "PrefixListId": { + "shape": "PrefixListResourceId", + "documentation": "The ID of the prefix list.
", + "locationName": "prefixListId" + }, + "ReferencedGroupInfo": { + "shape": "ReferencedSecurityGroup", + "documentation": "Describes the security group that is referenced in the rule.
", + "locationName": "referencedGroupInfo" + }, + "Description": { + "shape": "String", + "documentation": "The security group rule description.
", + "locationName": "description" + }, + "Tags": { + "shape": "TagList", + "documentation": "The tags applied to the security group rule.
", + "locationName": "tagSet" + } + }, + "documentation": "Describes a security group rule.
" + }, + "SecurityGroupRuleDescription": { + "type": "structure", + "members": { + "SecurityGroupRuleId": { + "shape": "String", + "documentation": "The ID of the security group rule.
" + }, + "Description": { + "shape": "String", + "documentation": "The description of the security group rule.
" + } + }, + "documentation": "Describes the description of a security group rule.
You can use this when you want to update the security group rule description for either an inbound or outbound rule.
" + }, + "SecurityGroupRuleDescriptionList": { + "type": "list", + "member": { + "shape": "SecurityGroupRuleDescription", + "locationName": "item" + } + }, + "SecurityGroupRuleId": { + "type": "string" + }, + "SecurityGroupRuleIdList": { + "type": "list", + "member": { + "shape": "String", + "locationName": "item" + } + }, + "SecurityGroupRuleList": { + "type": "list", + "member": { + "shape": "SecurityGroupRule", + "locationName": "item" + } + }, + "SecurityGroupRuleRequest": { + "type": "structure", + "members": { + "IpProtocol": { + "shape": "String", + "documentation": "The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).
Use -1 to specify all protocols.
The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
" + }, + "ToPort": { + "shape": "Integer", + "documentation": "The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.
" + }, + "CidrIpv6": { + "shape": "String", + "documentation": "The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.
" + }, + "PrefixListId": { + "shape": "PrefixListResourceId", + "documentation": "The ID of the prefix list.
" + }, + "ReferencedGroupId": { + "shape": "SecurityGroupId", + "documentation": "The ID of the security group that is referenced in the security group rule.
" + }, + "Description": { + "shape": "String", + "documentation": "The description of the security group rule.
" + } + }, + "documentation": "Describes a security group rule.
You must specify exactly one of the following parameters, based on the rule type:
CidrIpv4
CidrIpv6
PrefixListId
ReferencedGroupId
When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.
The ID of the security group rule.
" + }, + "SecurityGroupRule": { + "shape": "SecurityGroupRuleRequest", + "documentation": "Information about the security group rule.
" + } + }, + "documentation": "Describes an update to a security group rule.
" + }, + "SecurityGroupRuleUpdateList": { + "type": "list", + "member": { + "shape": "SecurityGroupRuleUpdate", + "locationName": "item" + } + }, "SecurityGroupStringList": { "type": "list", "member": { @@ -43926,9 +44289,6 @@ }, "UpdateSecurityGroupRuleDescriptionsEgressRequest": { "type": "structure", - "required": [ - "IpPermissions" - ], "members": { "DryRun": { "shape": "Boolean", @@ -43944,7 +44304,12 @@ }, "IpPermissions": { "shape": "IpPermissionList", - "documentation": "The IP permissions for the security group rule.
" + "documentation": "The IP permissions for the security group rule. You must specify either the IP permissions or the description.
" + }, + "SecurityGroupRuleDescriptions": { + "shape": "SecurityGroupRuleDescriptionList", + "documentation": "The description for the egress security group rules. You must specify either the description or the IP permissions.
", + "locationName": "SecurityGroupRuleDescription" } } }, @@ -43960,9 +44325,6 @@ }, "UpdateSecurityGroupRuleDescriptionsIngressRequest": { "type": "structure", - "required": [ - "IpPermissions" - ], "members": { "DryRun": { "shape": "Boolean", @@ -43978,7 +44340,12 @@ }, "IpPermissions": { "shape": "IpPermissionList", - "documentation": "The IP permissions for the security group rule.
" + "documentation": "The IP permissions for the security group rule. You must specify either IP permissions or a description.
" + }, + "SecurityGroupRuleDescriptions": { + "shape": "SecurityGroupRuleDescriptionList", + "documentation": "[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.
", + "locationName": "SecurityGroupRuleDescription" } } }, @@ -44080,7 +44447,7 @@ }, "UserId": { "shape": "String", - "documentation": "The ID of an AWS account.
For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.
[EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account.
", + "documentation": "The ID of an Amazon Web Services account.
For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.
[EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.
", "locationName": "userId" }, "VpcId": { @@ -44094,7 +44461,7 @@ "locationName": "vpcPeeringConnectionId" } }, - "documentation": "Describes a security group and AWS account ID pair.
" + "documentation": "Describes a security group and Amazon Web Services account ID pair.
" }, "UserIdGroupPairList": { "type": "list", diff --git a/apis/ec2-2016-11-15.paginators.json b/apis/ec2-2016-11-15.paginators.json index fde6975e31..e1d041efc2 100644 --- a/apis/ec2-2016-11-15.paginators.json +++ b/apis/ec2-2016-11-15.paginators.json @@ -374,6 +374,12 @@ "output_token": "NextToken", "result_key": "ScheduledInstanceSet" }, + "DescribeSecurityGroupRules": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "SecurityGroupRules" + }, "DescribeSecurityGroups": { "input_token": "NextToken", "limit_key": "MaxResults", diff --git a/apis/iam-2010-05-08.normal.json b/apis/iam-2010-05-08.normal.json index 409193576b..209ed7d759 100644 --- a/apis/iam-2010-05-08.normal.json +++ b/apis/iam-2010-05-08.normal.json @@ -64,7 +64,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of AWS because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.
The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.
For more information about roles, see Working with roles. For more information about instance profiles, see About instance profiles.
" + "documentation": "Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.
The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.
For more information about roles, see Working with roles. For more information about instance profiles, see About instance profiles.
" }, "AddUserToGroup": { "name": "AddUserToGroup", @@ -204,7 +204,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Changes the password of the IAM user who is calling this operation. This operation can be performed using the AWS CLI, the AWS API, or the My Security Credentials page in the AWS Management Console. The AWS account root user password is not affected by this operation.
Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.
" + "documentation": "Changes the password of the IAM user who is calling this operation. This operation can be performed using the CLI, the Amazon Web Services API, or the My Security Credentials page in the Management Console. The account root user password is not affected by this operation.
Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.
" }, "CreateAccessKey": { "name": "CreateAccessKey", @@ -230,7 +230,7 @@ "shape": "ServiceFailureException" } ], - "documentation": " Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials. This is true even if the AWS account has no associated users.
For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.
If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials. This is true even if the account has no associated users.
For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.
To ensure the security of your account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
Creates an alias for your AWS account. For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.
" + "documentation": "Creates an alias for your account. For information about using an account alias, see Using an alias for your account ID in the IAM User Guide.
" }, "CreateGroup": { "name": "CreateGroup", @@ -345,7 +345,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the AWS Management Console.
You can use the AWS CLI, the AWS API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the AWS Management Console.
For more information about managing passwords, see Managing passwords in the IAM User Guide.
" + "documentation": "Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Management Console.
You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Management Console.
For more information about managing passwords, see Managing passwords in the IAM User Guide.
" }, "CreateOpenIDConnectProvider": { "name": "CreateOpenIDConnectProvider", @@ -377,7 +377,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.
If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to AWS and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.
When you create the IAM OIDC provider, you specify the following:
The URL of the OIDC identity provider (IdP) to trust
A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider
A list of thumbprints of one or more server certificates that the IdP uses
You get all of this information from the OIDC IdP that you want to use to access AWS.
The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.
If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.
When you create the IAM OIDC provider, you specify the following:
The URL of the OIDC identity provider (IdP) to trust
A list of client IDs (also known as audiences) that identify the application or applications allowed to authenticate using the OIDC provider
A list of thumbprints of one or more server certificates that the IdP uses
You get all of this information from the OIDC IdP that you want to use to access Amazon Web Services.
The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
Creates a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.
For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.
" + "documentation": "Creates a new managed policy for your account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.
For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.
" }, "CreatePolicyVersion": { "name": "CreatePolicyVersion", @@ -479,7 +479,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates a new role for your AWS account. For more information about roles, see IAM roles. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.
" + "documentation": "Creates a new role for your account. For more information about roles, see IAM roles. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.
" }, "CreateSAMLProvider": { "name": "CreateSAMLProvider", @@ -511,7 +511,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
This operation requires Signature Version 4.
For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide.
" + "documentation": "Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the Management Console or one that supports API access to Amazon Web Services.
When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
This operation requires Signature Version 4.
For more information, see Enabling SAML 2.0 federated users to access the Management Console and About SAML 2.0-based federation in the IAM User Guide.
" }, "CreateServiceLinkedRole": { "name": "CreateServiceLinkedRole", @@ -540,7 +540,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.
To attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.
" + "documentation": "Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.
To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service that depends on this role.
" }, "CreateServiceSpecificCredential": { "name": "CreateServiceSpecificCredential", @@ -566,7 +566,7 @@ "shape": "ServiceNotSupportedException" } ], - "documentation": "Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
You can have a maximum of two sets of service-specific credentials for each supported service per user.
You can create service-specific credentials for AWS CodeCommit and Amazon Keyspaces (for Apache Cassandra).
You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
For more information about service-specific credentials, see Using IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access keys in the IAM User Guide.
" + "documentation": "Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
You can have a maximum of two sets of service-specific credentials for each supported service per user.
You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).
You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.
" }, "CreateUser": { "name": "CreateUser", @@ -601,7 +601,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates a new IAM user for your AWS account.
For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the IAM User Guide.
" + "documentation": "Creates a new IAM user for your account.
For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the IAM User Guide.
" }, "CreateVirtualMFADevice": { "name": "CreateVirtualMFADevice", @@ -633,7 +633,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.
The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
Creates a new virtual MFA device for the account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.
The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your Amazon Web Services access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
Deletes the access key pair associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
" + "documentation": "Deletes the access key pair associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
" }, "DeleteAccountAlias": { "name": "DeleteAccountAlias", @@ -702,7 +702,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.
" + "documentation": "Deletes the specified account alias. For information about using an Amazon Web Services account alias, see Using an alias for your account ID in the IAM User Guide.
" }, "DeleteAccountPasswordPolicy": { "name": "DeleteAccountPasswordPolicy", @@ -721,7 +721,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes the password policy for the AWS account. There are no parameters.
" + "documentation": "Deletes the password policy for the account. There are no parameters.
" }, "DeleteGroup": { "name": "DeleteGroup", @@ -818,7 +818,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.
You can use the AWS CLI, the AWS API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the AWS Management Console.
Deleting a user's password does not prevent a user from accessing AWS through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
Deletes the password for the specified IAM user, which terminates the user's ability to access Amazon Web Services services through the Management Console.
You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Management Console.
Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
Deletes the specified SSH public key.
The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.
" + "documentation": "Deletes the specified SSH public key.
The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
" }, "DeleteServerCertificate": { "name": "DeleteServerCertificate", @@ -1040,7 +1040,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes the specified server certificate.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.
Deletes the specified server certificate.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.
If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.
Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.
If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the AWS documentation for your service.
For more information about service-linked roles, see Roles terms and concepts: AWS service-linked role in the IAM User Guide.
" + "documentation": "Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.
If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.
For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.
" }, "DeleteServiceSpecificCredential": { "name": "DeleteServiceSpecificCredential", @@ -1104,7 +1104,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes a signing certificate associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated IAM users.
" + "documentation": "Deletes a signing certificate associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated IAM users.
" }, "DeleteUser": { "name": "DeleteUser", @@ -1132,7 +1132,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Deletes the specified IAM user. Unlike the AWS Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:
Password (DeleteLoginProfile)
Access keys (DeleteAccessKey)
Signing certificate (DeleteSigningCertificate)
SSH public key (DeleteSSHPublicKey)
Git credentials (DeleteServiceSpecificCredential)
Multi-factor authentication (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice)
Inline policies (DeleteUserPolicy)
Attached managed policies (DetachUserPolicy)
Group memberships (RemoveUserFromGroup)
Deletes the specified IAM user. Unlike the Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:
Password (DeleteLoginProfile)
Access keys (DeleteAccessKey)
Signing certificate (DeleteSigningCertificate)
SSH public key (DeleteSSHPublicKey)
Git credentials (DeleteServiceSpecificCredential)
Multi-factor authentication (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice)
Inline policies (DeleteUserPolicy)
Attached managed policies (DetachUserPolicy)
Group memberships (RemoveUserFromGroup)
Generates a credential report for the AWS account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
" + "documentation": "Generates a credential report for the account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
" }, "GenerateOrganizationsAccessReport": { "name": "GenerateOrganizationsAccessReport", @@ -1347,7 +1347,7 @@ "shape": "ReportGenerationLimitExceededException" } ], - "documentation": "Generates a report for service last accessed data for AWS Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.
To call this operation, you must be signed in using your AWS Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and AWS Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
You can generate a service last accessed data report for a policy by specifying an entity's path and an optional AWS Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.
The data includes all attempts to access AWS, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.
To generate a service last accessed data report for entities, specify an entity path without specifying the optional AWS Organizations policy ID. The type of entity that you specify determines the data returned in the report.
Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.
OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.
management account – When you specify the management account, the resulting report lists all AWS services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.
Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.
To generate a service last accessed data report for policies, specify an entity path and the optional AWS Organizations policy ID. The type of entity that you specify determines the data returned for each service.
Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.
OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.
management account – When you specify the management account, the resulting report lists all AWS services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.
Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.
Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.
" + "documentation": "Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.
To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.
The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.
To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.
OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.
Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.
To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.
Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.
OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.
Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.
Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.
" }, "GenerateServiceLastAccessedDetails": { "name": "GenerateServiceLastAccessedDetails", @@ -1370,7 +1370,7 @@ "shape": "InvalidInputException" } ], - "documentation": "Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access AWS services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.
The service last accessed data includes all attempts to access an AWS API, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every AWS service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific AWS service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" + "documentation": "Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.
The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" }, "GetAccessKeyLastUsed": { "name": "GetAccessKeyLastUsed", @@ -1390,7 +1390,7 @@ "shape": "NoSuchEntityException" } ], - "documentation": "Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.
" + "documentation": "Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the Amazon Web Services service and Region that were specified in the last request made with that key.
" }, "GetAccountAuthorizationDetails": { "name": "GetAccountAuthorizationDetails", @@ -1410,7 +1410,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.
Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.
Retrieves the password policy for the AWS account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy.
" + "documentation": "Retrieves the password policy for the account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy.
" }, "GetAccountSummary": { "name": "GetAccountSummary", @@ -1447,7 +1447,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves information about IAM entity usage and IAM quotas in the AWS account.
For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.
" + "documentation": "Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.
For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.
" }, "GetContextKeysForCustomPolicy": { "name": "GetContextKeysForCustomPolicy", @@ -1467,7 +1467,7 @@ "shape": "InvalidInputException" } ], - "documentation": "Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.
Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.
Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.
You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.
Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.
Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
" + "documentation": "Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.
You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.
Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.
Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
" }, "GetCredentialReport": { "name": "GetCredentialReport", @@ -1516,7 +1516,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves a credential report for the AWS account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
" + "documentation": "Retrieves a credential report for the account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
" }, "GetGroup": { "name": "GetGroup", @@ -1608,7 +1608,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves the user name and password creation date for the specified IAM user. If the user has not been assigned a password, the operation returns a 404 (NoSuchEntity) error.
Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the user to access the Management Console. If the user does not exist or does not have a password, the operation returns a 404 (NoSuchEntity) error.
If you create an IAM user with access to the console, the CreateDate reflects the date you created the initial password for the user.
If you create an IAM user with programmatic access, and then later add a password for the user to access the Management Console, the CreateDate reflects the initial password creation date. A user with programmatic access does not have a login profile unless you create a password for the user to access the Management Console.
Retrieves the service last accessed data report for AWS Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.
Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
For each service that principals in an account (root users, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.
By default, the list is sorted by service namespace.
" + "documentation": "Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.
Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
For each service that principals in an account (root users, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.
By default, the list is sorted by service namespace.
" }, "GetPolicy": { "name": "GetPolicy", @@ -1801,7 +1801,7 @@ "shape": "UnrecognizedPublicKeyEncodingException" } ], - "documentation": "Retrieves the specified SSH public key, including metadata about the key.
The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.
" + "documentation": "Retrieves the specified SSH public key, including metadata about the key.
The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
" }, "GetServerCertificate": { "name": "GetServerCertificate", @@ -1824,7 +1824,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves information about the specified server certificate stored in IAM.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of AWS services that can use the server certificates that you manage with IAM.
" + "documentation": "Retrieves information about the specified server certificate stored in IAM.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.
" }, "GetServiceLastAccessedDetails": { "name": "GetServiceLastAccessedDetails", @@ -1847,7 +1847,7 @@ "shape": "InvalidInputException" } ], - "documentation": "Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails operation. You can use the JobId parameter in GetServiceLastAccessedDetails to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of AWS services that the resource (user, group, role, or managed policy) can access.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails operation returns the reason that it failed.
The GetServiceLastAccessedDetails operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:
User – Returns the user ARN that you used to generate the report
Group – Returns the ARN of the group member (user) that last attempted to access the service
Role – Returns the role ARN that you used to generate the report
Policy – Returns the ARN of the user or role that last used the policy to attempt to access the service
By default, the list is sorted by service namespace.
If you specified ACTION_LEVEL granularity when you generated the report, this operation returns service and action last accessed data. This includes the most recent access attempt for each tracked action within a service. Otherwise, this operation returns only service data.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" + "documentation": "Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails operation. You can use the JobId parameter in GetServiceLastAccessedDetails to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of Amazon Web Services services that the resource (user, group, role, or managed policy) can access.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails operation returns the reason that it failed.
The GetServiceLastAccessedDetails operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:
User – Returns the user ARN that you used to generate the report
Group – Returns the ARN of the group member (user) that last attempted to access the service
Role – Returns the role ARN that you used to generate the report
Policy – Returns the ARN of the user or role that last used the policy to attempt to access the service
By default, the list is sorted by service namespace.
If you specified ACTION_LEVEL granularity when you generated the report, this operation returns service and action last accessed data. This includes the most recent access attempt for each tracked action within a service. Otherwise, this operation returns only service data.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" }, "GetServiceLastAccessedDetailsWithEntities": { "name": "GetServiceLastAccessedDetailsWithEntities", @@ -1919,7 +1919,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this operation.
" + "documentation": "Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID used to sign the request to this operation.
" }, "GetUserPolicy": { "name": "GetUserPolicy", @@ -1965,7 +1965,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.
Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
To ensure the security of your account, the secret access key is accessible only during key and user creation.
Lists the account alias associated with the AWS account (Note: you can have only one). For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.
" + "documentation": "Lists the account alias associated with the account (Note: you can have only one). For information about using an account alias, see Using an alias for your account ID in the IAM User Guide.
" }, "ListAttachedGroupPolicies": { "name": "ListAttachedGroupPolicies", @@ -2270,7 +2270,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this operation.
You can paginate the results using the MaxItems and Marker parameters.
Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request for this operation.
You can paginate the results using the MaxItems and Marker parameters.
Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.
Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the account.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.
Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS.
You can paginate the results using the MaxItems and Marker parameters.
For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.
Lists all the managed policies that are available in your account, including your own customer-defined managed policies and all Amazon Web Services managed policies.
You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your Amazon Web Services account, set Scope to Local. To list only Amazon Web Services managed policies, set Scope to AWS.
You can paginate the results using the MaxItems and Marker parameters.
For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.
Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.
This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
The list of policies returned by the operation depends on the ARN of the identity that you provide.
User – The list of policies includes the managed and inline policies that are attached to the user directly. The list also includes any additional managed and inline policies that are attached to the group to which the user belongs.
Group – The list of policies includes only the managed and inline policies that are attached to the group directly. Policies that are attached to the group’s user are not included.
Role – The list of policies includes only the managed and inline policies that are attached to the role.
For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.
" + "documentation": "Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.
This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
The list of policies returned by the operation depends on the ARN of the identity that you provide.
User – The list of policies includes the managed and inline policies that are attached to the user directly. The list also includes any additional managed and inline policies that are attached to the group to which the user belongs.
Group – The list of policies includes only the managed and inline policies that are attached to the group directly. Policies that are attached to the group’s user are not included.
Role – The list of policies includes only the managed and inline policies that are attached to the role.
For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.
" }, "ListPolicyTags": { "name": "ListPolicyTags", @@ -2543,7 +2543,7 @@ "shape": "NoSuchEntityException" } ], - "documentation": "Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.
The SSH public keys returned by this operation are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.
The SSH public keys returned by this operation are used only for authenticating the IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
Lists the tags that are attached to the specified IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
Lists the tags that are attached to the specified IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.
You can paginate the results using the MaxItems and Marker parameters.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.
Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.
You can paginate the results using the MaxItems and Marker parameters.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.
Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an AWS service, see Set up service-specific credentials in the AWS CodeCommit User Guide.
" + "documentation": "Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an Amazon Web Services service, see Set up service-specific credentials in the CodeCommit User Guide.
" }, "ListSigningCertificates": { "name": "ListSigningCertificates", @@ -2632,7 +2632,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.
Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.
If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this operation. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.
Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.
If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request for this operation. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.
You can paginate the results using the MaxItems and Marker parameters.
Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the account. If there are none, the operation returns an empty list.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.
You can paginate the results using the MaxItems and Marker parameters.
Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a virtual MFA device, see ListVirtualMFADevices.
You can paginate the results using the MaxItems and Marker parameters.
Lists the virtual MFA devices defined in the account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a virtual MFA device, see ListVirtualMFADevices.
You can paginate the results using the MaxItems and Marker parameters.
Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an AWS managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.
You cannot set the boundary for a service-linked role.
Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.
You cannot set the boundary for a service-linked role.
Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Adds or updates the policy that is specified as the IAM user's permissions boundary. You can use an AWS managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the user.
Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Adds or updates the policy that is specified as the IAM user's permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the user.
Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Resets the password for a service-specific credential. The new password is AWS generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.
" + "documentation": "Resets the password for a service-specific credential. The new password is Amazon Web Services generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.
" }, "ResyncMFADevice": { "name": "ResyncMFADevice", @@ -2958,7 +2958,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Synchronizes the specified MFA device with its IAM resource object on the AWS servers.
For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
" + "documentation": "Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.
For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
" }, "SetDefaultPolicyVersion": { "name": "SetDefaultPolicyVersion", @@ -2999,7 +2999,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Sets the specified version of the global endpoint token as the token version used for the AWS account.
By default, AWS Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see AWS AWS Security Token Service endpoints and quotas in the AWS General Reference.
If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an AWS region in the IAM User Guide.
To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.
Sets the specified version of the global endpoint token as the token version used for the account.
By default, Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. Amazon Web Services recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see Security Token Service endpoints and quotas in the Amazon Web Services General Reference.
If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an Region in the IAM User Guide.
To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.
Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and AWS resources to determine the policies' effective permissions. The policies are provided as strings.
The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.
If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.
Context keys are variables that are maintained by AWS and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.
If the output is long, you can use MaxItems and Marker parameters to paginate the results.
For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
" + "documentation": "Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The policies are provided as strings.
The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.
If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.
Context keys are variables that are maintained by Amazon Web Services and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.
If the output is long, you can use MaxItems and Marker parameters to paginate the results.
For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
" }, "SimulatePrincipalPolicy": { "name": "SimulatePrincipalPolicy", @@ -3048,7 +3048,7 @@ "shape": "PolicyEvaluationException" } ], - "documentation": "Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.
You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.
You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.
The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.
Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.
Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
If the output is long, you can use the MaxItems and Marker parameters to paginate the results.
For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
" + "documentation": "Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.
You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.
You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.
The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.
Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.
Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
If the output is long, you can use the MaxItems and Marker parameters to paginate the results.
For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
" }, "TagInstanceProfile": { "name": "TagInstanceProfile", @@ -3076,7 +3076,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag is overwritten with the new value.
Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM instance profile that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag is overwritten with the new value.
Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM instance profile that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an OIDC provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an OIDC provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM customer managed policy that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM customer managed policy that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM role that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which AWS resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
" + "documentation": "Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM role that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
" }, "TagSAMLProvider": { "name": "TagSAMLProvider", @@ -3216,7 +3216,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information about these providers, see About SAML 2.0-based federation . If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a SAML identity provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information about these providers, see About SAML 2.0-based federation . If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a SAML identity provider that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag is overwritten with the new value.
For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a server certificate that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which AWS resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag is overwritten with the new value.
For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only a server certificate that has a specified tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM requesting user that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which AWS resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
" + "documentation": "Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:
Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For example, you could search for all resources with the key name Project and the value MyImportantProject. Or search for all resources with the key name Cost Center and the value 41200.
Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict access to only an IAM requesting user that has a specified tag attached. You can also restrict access to only those resources that have a certain tag attached. For examples of policies that show how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
Cost allocation - Use tags to help track which individuals and teams are using which Amazon Web Services resources.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
For more information about tagging, see Tagging IAM identities in the IAM User Guide.
" }, "UntagInstanceProfile": { "name": "UntagInstanceProfile", @@ -3444,7 +3444,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
If the UserName is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing keys and certificates in the IAM User Guide.
" + "documentation": "Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
For information about rotating keys, see Managing keys and certificates in the IAM User Guide.
" }, "UpdateAccountPasswordPolicy": { "name": "UpdateAccountPasswordPolicy", @@ -3513,7 +3513,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Updates the password policy settings for the AWS account.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the operation.
For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.
" + "documentation": "Updates the password policy settings for the account.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the operation.
For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.
" }, "UpdateAssumeRolePolicy": { "name": "UpdateAssumeRolePolicy", @@ -3594,7 +3594,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Changes the password for the specified IAM user. You can use the AWS CLI, the AWS API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the AWS Management Console.
For more information about modifying passwords, see Managing passwords in the IAM User Guide.
" + "documentation": "Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Management Console.
For more information about modifying passwords, see Managing passwords in the IAM User Guide.
" }, "UpdateOpenIDConnectProviderThumbprint": { "name": "UpdateOpenIDConnectProviderThumbprint", @@ -3713,7 +3713,7 @@ "shape": "NoSuchEntityException" } ], - "documentation": "Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.
The SSH public key affected by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.
" + "documentation": "Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.
The SSH public key affected by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
" }, "UpdateServerCertificate": { "name": "UpdateServerCertificate", @@ -3738,7 +3738,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Updates the name and/or the path of the specified server certificate stored in IAM.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a server certificate in the IAM User Guide.
The person making the request (the principal), must have permission to change the server certificate with the old name and the new name. For example, to change the certificate named ProductionCert to ProdCert, the principal must have a policy that allows them to update both certificates. If the principal has permission to update the ProductionCert group, but not the ProdCert certificate, then the update fails. For more information about permissions, see Access management in the IAM User Guide.
Updates the name and/or the path of the specified server certificate stored in IAM.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.
You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a server certificate in the IAM User Guide.
The person making the request (the principal), must have permission to change the server certificate with the old name and the new name. For example, to change the certificate named ProductionCert to ProdCert, the principal must have a policy that allows them to update both certificates. If the principal has permission to update the ProductionCert group, but not the ProdCert certificate, then the update fails. For more information about permissions, see Access management in the IAM User Guide.
Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.
If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.
If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
Uploads an SSH public key and associates it with the specified IAM user.
The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.
" + "documentation": "Uploads an SSH public key and associates it with the specified IAM user.
The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
" }, "UploadServerCertificate": { "name": "UploadServerCertificate", @@ -3877,7 +3877,7 @@ "shape": "ServiceFailureException" } ], - "documentation": "Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
We recommend that you use AWS Certificate Manager to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the AWS Certificate Manager User Guide.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of AWS services that can use the server certificates that you manage with IAM.
For information about the number of server certificates you can upload, see IAM and STS quotas in the IAM User Guide.
Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, see Signing AWS API requests in the AWS General Reference. For general information about using the Query API with IAM, see Calling the API by making HTTP query requests in the IAM User Guide.
Uploads a server certificate entity for the account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
We recommend that you use Certificate Manager to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to Amazon Web Services resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the Certificate Manager User Guide.
For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.
For information about the number of server certificates you can upload, see IAM and STS quotas in the IAM User Guide.
Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Calling the API by making HTTP query requests in the IAM User Guide.
Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.
For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.
If the UserName is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
Because the body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing AWS API requests in the AWS General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.
For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.
If the UserName is not specified, the IAM user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.
Because the body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
The namespace of the service in which access was attempted.
To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.
The namespace of the service in which access was attempted.
To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.
" + "documentation": "The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.
" }, "LastAuthenticatedTime": { "shape": "dateType", - "documentation": "The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
" + "documentation": "The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
" }, "TotalAuthenticatedEntities": { "shape": "integerType", "documentation": "The number of accounts with authenticated principals (root users, IAM users, and IAM roles) that attempted to access the service in the reporting period.
" } }, - "documentation": "An object that contains details about when a principal in the reported AWS Organizations entity last attempted to access an AWS service. A principal can be an IAM user, an IAM role, or the AWS account root user within the reported Organizations entity.
This data type is a response element in the GetOrganizationsAccessReport operation.
" + "documentation": "An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.
This data type is a response element in the GetOrganizationsAccessReport operation.
" }, "AccessDetails": { "type": "list", @@ -3996,7 +3996,7 @@ "documentation": "The date when the access key was created.
" } }, - "documentation": "Contains information about an AWS access key.
This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.
The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.
Contains information about an Amazon Web Services access key.
This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.
The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.
The name of the AWS service with which this access key was most recently used. The value of this field is \"N/A\" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM started tracking this information.
There is no sign-in data associated with the user.
The name of the Amazon Web Services service with which this access key was most recently used. The value of this field is \"N/A\" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM started tracking this information.
There is no sign-in data associated with the user.
The AWS Region where this access key was most recently used. The value for this field is \"N/A\" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM began tracking this information.
There is no sign-in data associated with the user.
For more information about AWS Regions, see Regions and endpoints in the Amazon Web Services General Reference.
" + "documentation": "The Region where this access key was most recently used. The value for this field is \"N/A\" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM began tracking this information.
There is no sign-in data associated with the user.
For more information about Regions, see Regions and endpoints in the Amazon Web Services General Reference.
" } }, - "documentation": "Contains information about the last time an AWS access key was used since IAM began tracking this information on April 22, 2015.
This data type is used as a response element in the GetAccessKeyLastUsed operation.
" + "documentation": "Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.
This data type is used as a response element in the GetAccessKeyLastUsed operation.
" }, "AccessKeyMetadata": { "type": "structure", @@ -4041,7 +4041,7 @@ "documentation": "The date when the access key was created.
" } }, - "documentation": "Contains information about an AWS access key, without its secret key.
This data type is used as a response element in the ListAccessKeys operation.
" + "documentation": "Contains information about an Amazon Web Services access key, without its secret key.
This data type is used as a response element in the ListAccessKeys operation.
" }, "ActionNameListType": { "type": "list", @@ -4124,7 +4124,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -4141,7 +4141,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -4158,7 +4158,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -4206,7 +4206,7 @@ }, "NewPassword": { "shape": "passwordType", - "documentation": "The new password. The new password must conform to the AWS account's password policy, if one exists.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
The new password. The new password must conform to the account's password policy, if one exists.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
The new password for the user.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
The new password for the user.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.
You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
" + "documentation": "The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.
You cannot register the same provider multiple times in a single account. If you try to submit a URL that has already been used for an OpenID Connect provider in the account, you will get an error.
" }, "ClientIDList": { "shape": "clientIDListType", @@ -4460,7 +4460,7 @@ }, "PolicyDocument": { "shape": "policyDocumentType", - "documentation": "The JSON policy document that you want to use as the content for the new policy.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The JSON policy document that you want to use as the content for the new policy.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "PolicyDocument": { "shape": "policyDocumentType", - "documentation": "The JSON policy document that you want to use as the content for this new version of the policy.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The JSON policy document that you want to use as the content for this new version of the policy.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The trust relationship policy document that grants an entity permission to assume the role.
In IAM, you must provide a JSON policy that has been converted to a string. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
Upon success, the response includes the same trust policy in JSON format.
" + "documentation": "The trust relationship policy document that grants an entity permission to assume the role.
In IAM, you must provide a JSON policy that has been converted to a string. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
Upon success, the response includes the same trust policy in JSON format.
" }, "Description": { "shape": "roleDescriptionType", @@ -4538,7 +4538,7 @@ }, "MaxSessionDuration": { "shape": "roleMaxSessionDurationType", - "documentation": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.
The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.
Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see AWS services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.
" + "documentation": "The service principal for the Amazon Web Services service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.
Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon Web Services services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.
" }, "Description": { "shape": "roleDescriptionType", @@ -4640,7 +4640,7 @@ }, "ServiceName": { "shape": "serviceName", - "documentation": "The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
" + "documentation": "The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
" } } }, @@ -4838,7 +4838,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to delete.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to delete.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -4851,7 +4851,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "VersionId": { "shape": "policyVersionIdType", @@ -5091,7 +5091,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -5108,7 +5108,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -5125,7 +5125,7 @@ }, "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -5168,10 +5168,10 @@ }, "LastAuthenticated": { "shape": "dateType", - "documentation": "The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access AWS. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" } }, - "documentation": "An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified AWS service.
This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.
" + "documentation": "An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.
This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.
" }, "EntityInfo": { "type": "structure", @@ -5283,7 +5283,7 @@ }, "EvalDecisionDetails": { "shape": "EvalDecisionDetailsType", - "documentation": "Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.
When you make a cross-account request, AWS evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.
If an AWS Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
" + "documentation": "Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
" }, "ResourceSpecificResults": { "shape": "ResourceSpecificResultListType", @@ -5320,11 +5320,11 @@ "members": { "EntityPath": { "shape": "organizationsEntityPathType", - "documentation": "The path of the AWS Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
The path of the Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
The identifier of the AWS Organizations service control policy (SCP). This parameter is optional.
This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an AWS service.
" + "documentation": "The identifier of the Organizations service control policy (SCP). This parameter is optional.
This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an Amazon Web Services service.
" } } }, @@ -5345,7 +5345,7 @@ "members": { "Arn": { "shape": "arnType", - "documentation": "The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an AWS service.
" + "documentation": "The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an Amazon Web Services service.
" }, "Granularity": { "shape": "AccessAdvisorUsageGranularityType", @@ -5379,7 +5379,7 @@ "members": { "UserName": { "shape": "existingUserNameType", - "documentation": "The name of the AWS IAM user that owns this access key.
" + "documentation": "The name of the IAM user that owns this access key.
" }, "AccessKeyLastUsed": { "shape": "AccessKeyLastUsed", @@ -5488,7 +5488,7 @@ "members": { "PolicySourceArn": { "shape": "arnType", - "documentation": "The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "PolicyInputList": { "shape": "SimulationPolicyListType", @@ -5549,7 +5549,7 @@ }, "PolicyDocument": { "shape": "policyDocumentType", - "documentation": "The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" + "documentation": "The policy document.
IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" } }, "documentation": "Contains the response to a successful GetGroupPolicy request.
" @@ -5645,7 +5645,7 @@ "members": { "LoginProfile": { "shape": "LoginProfile", - "documentation": "A structure containing the user name and password create date for the user.
" + "documentation": "A structure containing the user name and the profile creation date for the user.
" } }, "documentation": "Contains the response to a successful GetLoginProfile request.
" @@ -5658,7 +5658,7 @@ "members": { "OpenIDConnectProviderArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -5679,7 +5679,7 @@ }, "CreateDate": { "shape": "dateType", - "documentation": "The date and time when the IAM OIDC provider resource object was created in the AWS account.
" + "documentation": "The date and time when the IAM OIDC provider resource object was created in the account.
" }, "Tags": { "shape": "tagListType", @@ -5764,7 +5764,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -5787,7 +5787,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "VersionId": { "shape": "policyVersionIdType", @@ -5840,7 +5840,7 @@ }, "PolicyDocument": { "shape": "policyDocumentType", - "documentation": "The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" + "documentation": "The policy document.
IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" } }, "documentation": "Contains the response to a successful GetRolePolicy request.
" @@ -5878,7 +5878,7 @@ "members": { "SAMLProviderArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -6037,7 +6037,7 @@ }, "ServiceNamespace": { "shape": "serviceNamespaceType", - "documentation": "The service namespace for an AWS service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, see Actions, resources, and condition keys for AWS services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.
The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified AWS service.
An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service.
The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" + "documentation": "The policy document.
IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
" } }, "documentation": "Contains the response to a successful GetUserPolicy request.
" @@ -6173,7 +6173,7 @@ "members": { "User": { "shape": "User", - "documentation": "A structure containing details about the IAM user.
Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.
You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to AWS in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access AWS programmatically you can refer to access key last used information because it is accurate for all dates.
A structure containing details about the IAM user.
Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.
You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to Amazon Web Services in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access Amazon Web Services programmatically you can refer to access key last used information because it is accurate for all dates.
Contains the response to a successful GetUser request.
" @@ -6348,7 +6348,7 @@ "members": { "AccountAliases": { "shape": "accountAliasListType", - "documentation": "A list of aliases associated with the account. AWS supports only one alias per account.
" + "documentation": "A list of aliases associated with the account. Amazon Web Services supports only one alias per account.
" }, "IsTruncated": { "shape": "booleanType", @@ -6495,7 +6495,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "EntityFilter": { "shape": "EntityType", @@ -6673,7 +6673,7 @@ "members": { "InstanceProfileName": { "shape": "instanceProfileNameType", - "documentation": "The name of the IAM instance profile whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM instance profile whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -6681,7 +6681,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -6800,7 +6800,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The ARN of the OpenID Connect (OIDC) identity provider whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the OpenID Connect (OIDC) identity provider whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -6878,7 +6878,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The list of IAM OIDC provider resource objects defined in the AWS account.
" + "documentation": "The list of IAM OIDC provider resource objects defined in the account.
" } }, "documentation": "Contains the response to a successful ListOpenIDConnectProviders request.
" @@ -6921,7 +6921,7 @@ "members": { "ServiceNamespace": { "shape": "serviceNamespaceType", - "documentation": "The namespace of the service that was accessed.
To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.
The namespace of the service that was accessed.
To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The service namespace for the AWS services whose policies you want to list.
To learn the service namespace for a service, see Actions, resources, and condition keys for AWS services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.
The service namespace for the Amazon Web Services services whose policies you want to list.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The scope to use for filtering the results.
To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local.
This parameter is optional. If it is not included, or if it is set to All, all policies are returned.
The scope to use for filtering the results.
To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your account, set Scope to Local.
This parameter is optional. If it is not included, or if it is set to All, all policies are returned.
The ARN of the IAM customer managed policy whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the IAM customer managed policy whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -7034,7 +7034,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "Marker": { "shape": "markerType", @@ -7153,7 +7153,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The ARN of the Security Assertion Markup Language (SAML) identity provider whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the Security Assertion Markup Language (SAML) identity provider whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -7231,7 +7231,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The list of SAML provider resource objects defined in IAM for this AWS account.
" + "documentation": "The list of SAML provider resource objects defined in IAM for this Amazon Web Services account.
" } }, "documentation": "Contains the response to a successful ListSAMLProviders request.
" @@ -7274,7 +7274,7 @@ "members": { "UserName": { "shape": "userNameType", - "documentation": "The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" + "documentation": "The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -7312,7 +7312,7 @@ "members": { "ServerCertificateName": { "shape": "serverCertificateNameType", - "documentation": "The name of the IAM server certificate whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM server certificate whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -7320,7 +7320,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
" + "documentation": "Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services.
" } } }, @@ -7491,7 +7491,7 @@ "members": { "UserName": { "shape": "existingUserNameType", - "documentation": "The name of the IAM user whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM user whose tags you want to see.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Marker": { "shape": "markerType", @@ -7499,7 +7499,7 @@ }, "MaxItems": { "shape": "maxItemsType", - "documentation": "(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
The name of the user, which can be used for signing in to the AWS Management Console.
" + "documentation": "The name of the user, which can be used for signing in to the Management Console.
" }, "CreateDate": { "shape": "dateType", @@ -8038,7 +8038,7 @@ }, "PolicyDocument": { "shape": "policyDocumentType", - "documentation": "The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy document.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to = IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy document.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy document.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "ClientID": { "shape": "clientIDType", @@ -8348,7 +8348,7 @@ }, "MaxSessionDuration": { "shape": "roleMaxSessionDurationType", - "documentation": "The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
The name of the AWS Region in which the role was last used.
" + "documentation": "The name of the Region in which the role was last used.
" } }, "documentation": "Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
" @@ -8515,7 +8515,7 @@ }, "Status": { "shape": "statusType", - "documentation": "The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" }, "ServiceNamespace": { "shape": "serviceNamespaceType", - "documentation": "The namespace of the service in which access was attempted.
To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
The namespace of the service in which access was attempted.
To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
The ARN of the authenticated entity (user or role) that last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The ARN of the authenticated entity (user or role) that last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" }, "LastAuthenticatedRegion": { "shape": "stringType", - "documentation": "The Region from which the authenticated entity (user or role) last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The Region from which the authenticated entity (user or role) last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" }, "TotalAuthenticatedEntities": { "shape": "integerType", @@ -8680,7 +8680,7 @@ }, "ServiceUserName": { "shape": "serviceUserName", - "documentation": "The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in jane-at-123456789012, for example. This value cannot be configured by the user.
The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.
The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "VersionId": { "shape": "policyVersionIdType", @@ -8776,7 +8776,7 @@ "members": { "GlobalEndpointTokenVersion": { "shape": "globalEndpointTokenVersion", - "documentation": "The version of the global endpoint token. Version 1 tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens.
For information, see Activating and deactivating STS in an AWS region in the IAM User Guide.
" + "documentation": "The version of the global endpoint token. Version 1 tokens are valid only in Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens.
For information, see Activating and deactivating STS in an Region in the IAM User Guide.
" } } }, @@ -8821,11 +8821,11 @@ "members": { "PolicyInputList": { "shape": "SimulationPolicyListType", - "documentation": "A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be \"scope-down\" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be \"scope-down\" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "ResourcePolicy": { "shape": "policyDocumentType", - "documentation": "A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
An ARN representing the AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566-ID:root.
An ARN representing the account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566-ID:root.
The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "PolicyInputList": { "shape": "SimulationPolicyListType", @@ -8900,7 +8900,7 @@ }, "PermissionsBoundaryPolicyInputList": { "shape": "SimulationPolicyListType", - "documentation": "The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "ResourcePolicy": { "shape": "policyDocumentType", - "documentation": "A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
An account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "ContextEntries": { "shape": "ContextEntryListType", @@ -8987,7 +8987,7 @@ }, "Value": { "shape": "tagValueType", - "documentation": "The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
" @@ -9001,7 +9001,7 @@ "members": { "InstanceProfileName": { "shape": "instanceProfileNameType", - "documentation": "The name of the IAM instance profile to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM instance profile to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9018,7 +9018,7 @@ "members": { "SerialNumber": { "shape": "serialNumberType", - "documentation": "The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9035,7 +9035,7 @@ "members": { "OpenIDConnectProviderArn": { "shape": "arnType", - "documentation": "The ARN of the OIDC identity provider in IAM to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the OIDC identity provider in IAM to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9052,7 +9052,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The ARN of the IAM customer managed policy to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the IAM customer managed policy to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9086,7 +9086,7 @@ "members": { "SAMLProviderArn": { "shape": "arnType", - "documentation": "The ARN of the SAML identity provider in IAM to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the SAML identity provider in IAM to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9103,7 +9103,7 @@ "members": { "ServerCertificateName": { "shape": "serverCertificateNameType", - "documentation": "The name of the IAM server certificate to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM server certificate to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9120,7 +9120,7 @@ "members": { "UserName": { "shape": "existingUserNameType", - "documentation": "The name of the IAM user to which you want to add tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM user to which you want to add tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "Tags": { "shape": "tagListType", @@ -9140,11 +9140,11 @@ }, "LastAccessedTime": { "shape": "dateType", - "documentation": "The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" }, "LastAccessedRegion": { "shape": "stringType", - "documentation": "The Region from which the authenticated entity (user or role) last attempted to access the tracked action. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" + "documentation": "The Region from which the authenticated entity (user or role) last attempted to access the tracked action. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
" } }, "documentation": "Contains details about the most recent attempt to access an action within the service.
This data type is used as a response element in the GetServiceLastAccessedDetails operation.
" @@ -9164,7 +9164,7 @@ "members": { "InstanceProfileName": { "shape": "instanceProfileNameType", - "documentation": "The name of the IAM instance profile from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM instance profile from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9181,7 +9181,7 @@ "members": { "SerialNumber": { "shape": "serialNumberType", - "documentation": "The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9198,7 +9198,7 @@ "members": { "OpenIDConnectProviderArn": { "shape": "arnType", - "documentation": "The ARN of the OIDC provider in IAM from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the OIDC provider in IAM from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9215,7 +9215,7 @@ "members": { "PolicyArn": { "shape": "arnType", - "documentation": "The ARN of the IAM customer managed policy from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the IAM customer managed policy from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9249,7 +9249,7 @@ "members": { "SAMLProviderArn": { "shape": "arnType", - "documentation": "The ARN of the SAML identity provider in IAM from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The ARN of the SAML identity provider in IAM from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9266,7 +9266,7 @@ "members": { "ServerCertificateName": { "shape": "serverCertificateNameType", - "documentation": "The name of the IAM server certificate from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM server certificate from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9283,7 +9283,7 @@ "members": { "UserName": { "shape": "existingUserNameType", - "documentation": "The name of the IAM user from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
" + "documentation": "The name of the IAM user from which you want to remove tags.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
" }, "TagKeys": { "shape": "tagKeyListType", @@ -9308,7 +9308,7 @@ }, "Status": { "shape": "statusType", - "documentation": " The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to AWS, while Inactive means that the key cannot be used.
The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.
Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM users change their own passwords in the IAM User Guide.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
Allows all IAM users in your account to use the Management Console to change their own passwords. For more information, see Letting IAM users change their own passwords in the IAM User Guide.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
The policy that grants an entity permission to assume the role.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The policy that grants an entity permission to assume the role.
You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
The new password for the specified IAM user.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see UpdateAccountPasswordPolicy.
" + "documentation": "The new password for the specified IAM user.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)
The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)
However, the format can be further restricted by the account administrator by setting a password policy on the account. For more information, see UpdateAccountPasswordPolicy.
" }, "PasswordResetRequired": { "shape": "booleanObjectType", @@ -9419,7 +9419,7 @@ "members": { "OpenIDConnectProviderArn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" }, "ThumbprintList": { "shape": "thumbprintListType", @@ -9469,7 +9469,7 @@ }, "MaxSessionDuration": { "shape": "roleMaxSessionDurationType", - "documentation": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.
The Amazon Resource Name (ARN) of the SAML provider to update.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the SAML provider to update.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
" } } }, @@ -9522,7 +9522,7 @@ }, "Status": { "shape": "statusType", - "documentation": "The status to assign to the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
The status to assign to the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to AWS Inactive means that the certificate cannot be used.
The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services Inactive means that the certificate cannot be used.
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
The user never had a password.
A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
" + "documentation": "The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
The user never had a password.
A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
" }, "PermissionsBoundary": { "shape": "AttachedPermissionsBoundary", @@ -9866,7 +9866,7 @@ }, "arnType": { "type": "string", - "documentation": "The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
For more information about ARNs, go to Amazon Resource Names (ARNs) in the AWS General Reference.
", + "documentation": "The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.
For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
", "max": 2048, "min": 20 }, @@ -10436,5 +10436,5 @@ "pattern": "[\\w+=,.@-]+" } }, - "documentation": "AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access. For more information about IAM, see AWS Identity and Access Management (IAM) and the AWS Identity and Access Management User Guide.
" + "documentation": "Identity and Access Management (IAM) is a web service for securely controlling access to Amazon Web Services services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which Amazon Web Services resources users and applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide.
" } \ No newline at end of file diff --git a/apis/iotsitewise-2019-12-02.min.json b/apis/iotsitewise-2019-12-02.min.json index 05c441ffd4..4d2c404360 100644 --- a/apis/iotsitewise-2019-12-02.min.json +++ b/apis/iotsitewise-2019-12-02.min.json @@ -1299,6 +1299,35 @@ "hostPrefix": "monitor." } }, + "DescribeStorageConfiguration": { + "http": { + "method": "GET", + "requestUri": "/configuration/account/storage" + }, + "input": { + "type": "structure", + "members": {} + }, + "output": { + "type": "structure", + "required": [ + "storageType", + "configurationStatus" + ], + "members": { + "storageType": {}, + "multiLayerStorage": { + "shape": "S53" + }, + "configurationStatus": { + "shape": "S4e" + }, + "lastUpdateDate": { + "type": "timestamp" + } + } + } + }, "DisassociateAssets": { "http": { "requestUri": "/assets/{assetId}/disassociate" @@ -1363,7 +1392,7 @@ "locationName": "resolution" }, "qualities": { - "shape": "S55", + "shape": "S5a", "location": "querystring", "locationName": "qualities" }, @@ -1509,7 +1538,7 @@ "type": "timestamp" }, "qualities": { - "shape": "S55", + "shape": "S5a", "location": "querystring", "locationName": "qualities" }, @@ -2370,6 +2399,39 @@ "hostPrefix": "model." } }, + "PutStorageConfiguration": { + "http": { + "requestUri": "/configuration/account/storage" + }, + "input": { + "type": "structure", + "required": [ + "storageType" + ], + "members": { + "storageType": {}, + "multiLayerStorage": { + "shape": "S53" + } + } + }, + "output": { + "type": "structure", + "required": [ + "storageType", + "configurationStatus" + ], + "members": { + "storageType": {}, + "multiLayerStorage": { + "shape": "S53" + }, + "configurationStatus": { + "shape": "S4e" + } + } + } + }, "TagResource": { "http": { "requestUri": "/tags" @@ -3248,7 +3310,26 @@ "level": {} } }, - "S55": { + "S53": { + "type": "structure", + "required": [ + "customerManagedS3Storage" + ], + "members": { + "customerManagedS3Storage": { + "type": "structure", + "required": [ + "s3ResourceArn", + "roleArn" + ], + "members": { + "s3ResourceArn": {}, + "roleArn": {} + } + } + } + }, + "S5a": { "type": "list", "member": {} } diff --git a/apis/iotsitewise-2019-12-02.normal.json b/apis/iotsitewise-2019-12-02.normal.json index 499f8f1874..b321abe949 100644 --- a/apis/iotsitewise-2019-12-02.normal.json +++ b/apis/iotsitewise-2019-12-02.normal.json @@ -41,7 +41,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Associates a child asset with the given parent asset through a hierarchy defined in the parent asset's model. For more information, see Associating assets in the AWS IoT SiteWise User Guide.
", + "documentation": "Associates a child asset with the given parent asset through a hierarchy defined in the parent asset's model. For more information, see Associating assets in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "model." } @@ -76,7 +76,7 @@ "shape": "LimitExceededException" } ], - "documentation": "Associates a group (batch) of assets with an AWS IoT SiteWise Monitor project.
", + "documentation": "Associates a group (batch) of assets with an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -108,7 +108,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Disassociates a group (batch) of assets from an AWS IoT SiteWise Monitor project.
", + "documentation": "Disassociates a group (batch) of assets from an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -148,7 +148,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Sends a list of asset property values to AWS IoT SiteWise. Each value is a timestamp-quality-value (TQV) data point. For more information, see Ingesting data using the API in the AWS IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
With respect to Unix epoch time, AWS IoT SiteWise accepts only TQVs that have a timestamp of no more than 7 days in the past and no more than 10 minutes in the future. AWS IoT SiteWise rejects timestamps outside of the inclusive range of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException error.
For each asset property, AWS IoT SiteWise overwrites TQVs with duplicate timestamps unless the newer TQV has a different quality. For example, if you store a TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the existing TQV.
AWS IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry individually. For more information, see BatchPutAssetPropertyValue authorization in the AWS IoT SiteWise User Guide.
Sends a list of asset property values to IoT SiteWise. Each value is a timestamp-quality-value (TQV) data point. For more information, see Ingesting data using the API in the IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
With respect to Unix epoch time, IoT SiteWise accepts only TQVs that have a timestamp of no more than 7 days in the past and no more than 10 minutes in the future. IoT SiteWise rejects timestamps outside of the inclusive range of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException error.
For each asset property, IoT SiteWise overwrites TQVs with duplicate timestamps unless the newer TQV has a different quality. For example, if you store a TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the existing TQV.
IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry individually. For more information, see BatchPutAssetPropertyValue authorization in the IoT SiteWise User Guide.
Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
", + "documentation": "Creates an access policy that grants the specified identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.
", "endpoint": { "hostPrefix": "monitor." } @@ -224,7 +224,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Creates an asset from an existing asset model. For more information, see Creating assets in the AWS IoT SiteWise User Guide.
", + "documentation": "Creates an asset from an existing asset model. For more information, see Creating assets in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "model." } @@ -265,7 +265,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the AWS IoT SiteWise User Guide.
", + "documentation": "Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "model." } @@ -300,7 +300,7 @@ "shape": "LimitExceededException" } ], - "documentation": "Creates a dashboard in an AWS IoT SiteWise Monitor project.
", + "documentation": "Creates a dashboard in an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -335,7 +335,7 @@ "shape": "LimitExceededException" } ], - "documentation": "Creates a gateway, which is a virtual or edge device that delivers industrial data streams from local servers to AWS IoT SiteWise. For more information, see Ingesting data using a gateway in the AWS IoT SiteWise User Guide.
", + "documentation": "Creates a gateway, which is a virtual or edge device that delivers industrial data streams from local servers to IoT SiteWise. For more information, see Ingesting data using a gateway in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "edge." } @@ -370,7 +370,7 @@ "shape": "LimitExceededException" } ], - "documentation": "Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and manage user permissions.
Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.
Creates a portal, which can contain projects and dashboards. IoT SiteWise Monitor uses Amazon Web Services SSO or IAM to authenticate portal users and manage user permissions.
Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the IoT SiteWise User Guide.
Deletes an access policy that grants the specified identity access to the specified AWS IoT SiteWise Monitor resource. You can use this operation to revoke access to an AWS IoT SiteWise Monitor resource.
", + "documentation": "Deletes an access policy that grants the specified identity access to the specified IoT SiteWise Monitor resource. You can use this operation to revoke access to an IoT SiteWise Monitor resource.
", "endpoint": { "hostPrefix": "monitor." } @@ -472,7 +472,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Deletes an asset. This action can't be undone. For more information, see Deleting assets and models in the AWS IoT SiteWise User Guide.
You can't delete an asset that's associated to another asset. For more information, see DisassociateAssets.
Deletes an asset. This action can't be undone. For more information, see Deleting assets and models in the IoT SiteWise User Guide.
You can't delete an asset that's associated to another asset. For more information, see DisassociateAssets.
Deletes an asset model. This action can't be undone. You must delete all assets created from an asset model before you can delete the model. Also, you can't delete an asset model if a parent asset model exists that contains a property formula expression that depends on the asset model that you want to delete. For more information, see Deleting assets and models in the AWS IoT SiteWise User Guide.
", + "documentation": "Deletes an asset model. This action can't be undone. You must delete all assets created from an asset model before you can delete the model. Also, you can't delete an asset model if a parent asset model exists that contains a property formula expression that depends on the asset model that you want to delete. For more information, see Deleting assets and models in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "model." } @@ -539,7 +539,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Deletes a dashboard from AWS IoT SiteWise Monitor.
", + "documentation": "Deletes a dashboard from IoT SiteWise Monitor.
", "endpoint": { "hostPrefix": "monitor." } @@ -567,7 +567,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Deletes a gateway from AWS IoT SiteWise. When you delete a gateway, some of the gateway's files remain in your gateway's file system.
", + "documentation": "Deletes a gateway from IoT SiteWise. When you delete a gateway, some of the gateway's files remain in your gateway's file system.
", "endpoint": { "hostPrefix": "edge." } @@ -602,7 +602,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Deletes a portal from AWS IoT SiteWise Monitor.
", + "documentation": "Deletes a portal from IoT SiteWise Monitor.
", "endpoint": { "hostPrefix": "monitor." } @@ -634,7 +634,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Deletes a project from AWS IoT SiteWise Monitor.
", + "documentation": "Deletes a project from IoT SiteWise Monitor.
", "endpoint": { "hostPrefix": "monitor." } @@ -666,7 +666,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.
", + "documentation": "Describes an access policy, which specifies an identity's access to an IoT SiteWise Monitor portal or project.
", "endpoint": { "hostPrefix": "monitor." } @@ -819,7 +819,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves information about the default encryption configuration for the AWS account in the default or specified region. For more information, see Key management in the AWS IoT SiteWise User Guide.
" + "documentation": "Retrieves information about the default encryption configuration for the Amazon Web Services account in the default or specified Region. For more information, see Key management in the IoT SiteWise User Guide.
" }, "DescribeGateway": { "name": "DescribeGateway", @@ -878,7 +878,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves information about a gateway capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the AWS IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.
", + "documentation": "Retrieves information about a gateway capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.
", "endpoint": { "hostPrefix": "edge." } @@ -909,7 +909,7 @@ "shape": "ResourceNotFoundException" } ], - "documentation": "Retrieves the current AWS IoT SiteWise logging options.
", + "documentation": "Retrieves the current IoT SiteWise logging options.
", "endpoint": { "hostPrefix": "model." } @@ -978,6 +978,40 @@ "hostPrefix": "monitor." } }, + "DescribeStorageConfiguration": { + "name": "DescribeStorageConfiguration", + "http": { + "method": "GET", + "requestUri": "/configuration/account/storage" + }, + "input": { + "shape": "DescribeStorageConfigurationRequest" + }, + "output": { + "shape": "DescribeStorageConfigurationResponse" + }, + "errors": [ + { + "shape": "InvalidRequestException" + }, + { + "shape": "ResourceNotFoundException" + }, + { + "shape": "InternalFailureException" + }, + { + "shape": "ThrottlingException" + }, + { + "shape": "LimitExceededException" + }, + { + "shape": "ConflictingOperationException" + } + ], + "documentation": "Retrieves information about the storage configuration for IoT SiteWise.
" + }, "DisassociateAssets": { "name": "DisassociateAssets", "http": { @@ -1038,7 +1072,7 @@ "shape": "ServiceUnavailableException" } ], - "documentation": "Gets aggregated values for an asset property. For more information, see Querying aggregates in the AWS IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Gets aggregated values for an asset property. For more information, see Querying aggregates in the IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Gets an asset property's current value. For more information, see Querying current values in the AWS IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Gets an asset property's current value. For more information, see Querying current values in the IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Gets the history of an asset property's values. For more information, see Querying historical values in the AWS IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Gets the history of an asset property's values. For more information, see Querying historical values in the IoT SiteWise User Guide.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Get interpolated values for an asset property for a specified time interval, during a period of time. For example, you can use the this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days.
This API isn't available in China (Beijing).
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Get interpolated values for an asset property for a specified time interval, during a period of time. For example, you can use the this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days.
To identify an asset property, you must specify one of the following:
The assetId and propertyId of an asset property.
A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). To define an asset property's alias, see UpdateAssetProperty.
Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).
", + "documentation": "Retrieves a paginated list of access policies for an identity (an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user) or an IoT SiteWise Monitor resource (a portal or project).
", "endpoint": { "hostPrefix": "monitor." } @@ -1319,7 +1353,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves a paginated list of dashboards for an AWS IoT SiteWise Monitor project.
", + "documentation": "Retrieves a paginated list of dashboards for an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -1376,7 +1410,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves a paginated list of AWS IoT SiteWise Monitor portals.
", + "documentation": "Retrieves a paginated list of IoT SiteWise Monitor portals.
", "endpoint": { "hostPrefix": "monitor." } @@ -1405,7 +1439,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves a paginated list of assets associated with an AWS IoT SiteWise Monitor project.
", + "documentation": "Retrieves a paginated list of assets associated with an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -1434,7 +1468,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Retrieves a paginated list of projects for an AWS IoT SiteWise Monitor portal.
", + "documentation": "Retrieves a paginated list of projects for an IoT SiteWise Monitor portal.
", "endpoint": { "hostPrefix": "monitor." } @@ -1474,7 +1508,7 @@ "shape": "UnauthorizedException" } ], - "documentation": "Retrieves the list of tags for an AWS IoT SiteWise resource.
" + "documentation": "Retrieves the list of tags for an IoT SiteWise resource.
" }, "PutDefaultEncryptionConfiguration": { "name": "PutDefaultEncryptionConfiguration", @@ -1505,7 +1539,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Sets the default encryption configuration for the AWS account. For more information, see Key management in the AWS IoT SiteWise User Guide.
" + "documentation": "Sets the default encryption configuration for the Amazon Web Services account. For more information, see Key management in the IoT SiteWise User Guide.
" }, "PutLoggingOptions": { "name": "PutLoggingOptions", @@ -1536,11 +1570,48 @@ "shape": "ResourceNotFoundException" } ], - "documentation": "Sets logging options for AWS IoT SiteWise.
", + "documentation": "Sets logging options for IoT SiteWise.
", "endpoint": { "hostPrefix": "model." } }, + "PutStorageConfiguration": { + "name": "PutStorageConfiguration", + "http": { + "method": "POST", + "requestUri": "/configuration/account/storage" + }, + "input": { + "shape": "PutStorageConfigurationRequest" + }, + "output": { + "shape": "PutStorageConfigurationResponse" + }, + "errors": [ + { + "shape": "InvalidRequestException" + }, + { + "shape": "ResourceAlreadyExistsException" + }, + { + "shape": "ResourceNotFoundException" + }, + { + "shape": "InternalFailureException" + }, + { + "shape": "ThrottlingException" + }, + { + "shape": "LimitExceededException" + }, + { + "shape": "ConflictingOperationException" + } + ], + "documentation": "Configures storage settings for IoT SiteWise.
" + }, "TagResource": { "name": "TagResource", "http": { @@ -1579,7 +1650,7 @@ "shape": "TooManyTagsException" } ], - "documentation": "Adds tags to an AWS IoT SiteWise resource. If a tag already exists for the resource, this operation updates the tag's value.
" + "documentation": "Adds tags to an IoT SiteWise resource. If a tag already exists for the resource, this operation updates the tag's value.
" }, "UntagResource": { "name": "UntagResource", @@ -1616,7 +1687,7 @@ "shape": "UnauthorizedException" } ], - "documentation": "Removes a tag from an AWS IoT SiteWise resource.
" + "documentation": "Removes a tag from an IoT SiteWise resource.
" }, "UpdateAccessPolicy": { "name": "UpdateAccessPolicy", @@ -1645,7 +1716,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.
", + "documentation": "Updates an existing access policy that specifies an identity's access to an IoT SiteWise Monitor portal or project resource.
", "endpoint": { "hostPrefix": "monitor." } @@ -1683,7 +1754,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Updates an asset's name. For more information, see Updating assets and models in the AWS IoT SiteWise User Guide.
", + "documentation": "Updates an asset's name. For more information, see Updating assets and models in the IoT SiteWise User Guide.
", "endpoint": { "hostPrefix": "model." } @@ -1724,7 +1795,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Updates an asset model and all of the assets that were created from the model. Each asset created from the model inherits the updated asset model's property and hierarchy definitions. For more information, see Updating assets and models in the AWS IoT SiteWise User Guide.
This operation overwrites the existing model with the provided model. To avoid deleting your asset model's properties or hierarchies, you must include their IDs and definitions in the updated asset model payload. For more information, see DescribeAssetModel.
If you remove a property from an asset model, AWS IoT SiteWise deletes all previous data for that property. If you remove a hierarchy definition from an asset model, AWS IoT SiteWise disassociates every asset associated with that hierarchy. You can't change the type or data type of an existing property.
Updates an asset model and all of the assets that were created from the model. Each asset created from the model inherits the updated asset model's property and hierarchy definitions. For more information, see Updating assets and models in the IoT SiteWise User Guide.
This operation overwrites the existing model with the provided model. To avoid deleting your asset model's properties or hierarchies, you must include their IDs and definitions in the updated asset model payload. For more information, see DescribeAssetModel.
If you remove a property from an asset model, IoT SiteWise deletes all previous data for that property. If you remove a hierarchy definition from an asset model, IoT SiteWise disassociates every asset associated with that hierarchy. You can't change the type or data type of an existing property.
Updates an AWS IoT SiteWise Monitor dashboard.
", + "documentation": "Updates an IoT SiteWise Monitor dashboard.
", "endpoint": { "hostPrefix": "monitor." } @@ -1856,7 +1927,7 @@ "shape": "LimitExceededException" } ], - "documentation": "Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the AWS IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.
", + "documentation": "Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.
", "endpoint": { "hostPrefix": "edge." } @@ -1891,7 +1962,7 @@ "shape": "ConflictingOperationException" } ], - "documentation": "Updates an AWS IoT SiteWise Monitor portal.
", + "documentation": "Updates an IoT SiteWise Monitor portal.
", "endpoint": { "hostPrefix": "monitor." } @@ -1923,7 +1994,7 @@ "shape": "ThrottlingException" } ], - "documentation": "Updates an AWS IoT SiteWise Monitor project.
", + "documentation": "Updates an IoT SiteWise Monitor project.
", "endpoint": { "hostPrefix": "monitor." } @@ -1957,11 +2028,11 @@ }, "identity": { "shape": "Identity", - "documentation": "The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
" + "documentation": "The identity (an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user).
" }, "resource": { "shape": "Resource", - "documentation": "The AWS IoT SiteWise Monitor resource (a portal or project).
" + "documentation": "The IoT SiteWise Monitor resource (a portal or project).
" }, "permission": { "shape": "Permission", @@ -1976,7 +2047,7 @@ "documentation": "The date the access policy was last updated, in Unix epoch time.
" } }, - "documentation": "Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.
" + "documentation": "Contains an access policy that defines an identity's access to an IoT SiteWise Monitor resource.
" }, "AggregateType": { "type": "string", @@ -2065,14 +2136,14 @@ "members": { "alarmRoleArn": { "shape": "ARN", - "documentation": "The ARN of the IAM role that allows the alarm to perform actions and access AWS resources, including AWS IoT Events.
" + "documentation": "The ARN of the IAM role that allows the alarm to perform actions and access Amazon Web Services resources and services, such as IoT Events.
" }, "notificationLambdaArn": { "shape": "ARN", - "documentation": "The ARN of the AWS Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the AWS IoT Events Developer Guide.
" + "documentation": "The ARN of the Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the IoT Events Developer Guide.
" } }, - "documentation": "Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .
" + "documentation": "Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.
" }, "AmazonResourceName": { "type": "string", @@ -2407,7 +2478,7 @@ "documentation": "Contains associated error information, if any.
" } }, - "documentation": "Contains current status information for an asset model. For more information, see Asset and model states in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains current status information for an asset model. For more information, see Asset and model states in the IoT SiteWise User Guide.
" }, "AssetModelSummaries": { "type": "list", @@ -2429,7 +2500,7 @@ "members": { "id": { "shape": "ID", - "documentation": "The ID of the asset model (used with AWS IoT SiteWise APIs).
" + "documentation": "The ID of the asset model (used with IoT SiteWise APIs).
" }, "arn": { "shape": "ARN", @@ -2482,7 +2553,7 @@ }, "alias": { "shape": "PropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
Contains associated error information, if any.
" } }, - "documentation": "Contains information about the current status of an asset. For more information, see Asset and model states in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains information about the current status of an asset. For more information, see Asset and model states in the IoT SiteWise User Guide.
" }, "AssetSummaries": { "type": "list", @@ -2669,7 +2740,7 @@ }, "hierarchyId": { "shape": "ID", - "documentation": "The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
" + "documentation": "The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.
" }, "childAssetId": { "shape": "ID", @@ -2741,10 +2812,10 @@ "members": { "defaultValue": { "shape": "DefaultValue", - "documentation": "The default value of the asset model property attribute. All assets that you create from the asset model contain this attribute value. You can update an attribute's value after you create an asset. For more information, see Updating attribute values in the AWS IoT SiteWise User Guide.
" + "documentation": "The default value of the asset model property attribute. All assets that you create from the asset model contain this attribute value. You can update an attribute's value after you create an asset. For more information, see Updating attribute values in the IoT SiteWise User Guide.
" } }, - "documentation": "Contains an asset attribute property. For more information, see Attributes in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains an asset attribute property. For more information, see Attributes in the IoT SiteWise User Guide.
" }, "AuthMode": { "type": "string", @@ -2985,7 +3056,7 @@ "documentation": "The error message.
" } }, - "documentation": "Contains the details of an AWS IoT SiteWise configuration error.
" + "documentation": "Contains the details of an IoT SiteWise configuration error.
" }, "ConfigurationState": { "type": "string", @@ -3022,11 +3093,11 @@ "members": { "accessPolicyIdentity": { "shape": "Identity", - "documentation": "The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
" + "documentation": "The identity for this access policy. Choose an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user.
" }, "accessPolicyResource": { "shape": "Resource", - "documentation": "The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
" + "documentation": "The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
" }, "accessPolicyPermission": { "shape": "Permission", @@ -3039,7 +3110,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3076,11 +3147,11 @@ }, "assetModelProperties": { "shape": "AssetModelPropertyDefinitions", - "documentation": "The property definitions of the asset model. For more information, see Asset properties in the AWS IoT SiteWise User Guide.
You can specify up to 200 properties per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The property definitions of the asset model. For more information, see Asset properties in the IoT SiteWise User Guide.
You can specify up to 200 properties per asset model. For more information, see Quotas in the IoT SiteWise User Guide.
" }, "assetModelHierarchies": { "shape": "AssetModelHierarchyDefinitions", - "documentation": "The hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.
You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the IoT SiteWise User Guide.
" }, "assetModelCompositeModels": { "shape": "AssetModelCompositeModelDefinitions", @@ -3093,7 +3164,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the asset model. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the asset model. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3107,7 +3178,7 @@ "members": { "assetModelId": { "shape": "ID", - "documentation": "The ID of the asset model. You can use this ID when you call other AWS IoT SiteWise APIs.
" + "documentation": "The ID of the asset model. You can use this ID when you call other IoT SiteWise APIs.
" }, "assetModelArn": { "shape": "ARN", @@ -3141,7 +3212,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the asset. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the asset. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3155,7 +3226,7 @@ "members": { "assetId": { "shape": "ID", - "documentation": "The ID of the asset. This ID uniquely identifies the asset within AWS IoT SiteWise and can be used with other AWS IoT SiteWise APIs.
" + "documentation": "The ID of the asset. This ID uniquely identifies the asset within IoT SiteWise and can be used with other IoT SiteWise APIs.
" }, "assetArn": { "shape": "ARN", @@ -3189,7 +3260,7 @@ }, "dashboardDefinition": { "shape": "DashboardDefinition", - "documentation": "The dashboard definition specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.
" + "documentation": "The dashboard definition specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.
" }, "clientToken": { "shape": "ClientToken", @@ -3198,7 +3269,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the dashboard. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the dashboard. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3236,7 +3307,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the gateway. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the gateway. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3249,7 +3320,7 @@ "members": { "gatewayId": { "shape": "ID", - "documentation": "The ID of the gateway device. You can use this ID when you call other AWS IoT SiteWise APIs.
" + "documentation": "The ID of the gateway device. You can use this ID when you call other IoT SiteWise APIs.
" }, "gatewayArn": { "shape": "ARN", @@ -3275,7 +3346,7 @@ }, "portalContactEmail": { "shape": "Email", - "documentation": "The AWS administrator's contact email address.
" + "documentation": "The Amazon Web Services administrator's contact email address.
" }, "clientToken": { "shape": "ClientToken", @@ -3288,23 +3359,23 @@ }, "roleArn": { "shape": "ARN", - "documentation": "The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.
" + "documentation": "The ARN of a service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.
" }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" }, "portalAuthMode": { "shape": "AuthMode", - "documentation": "The service to use to authenticate users to the portal. Choose from the following options:
SSO – The portal uses AWS Single Sign-On to authenticate users and manage user permissions. Before you can create a portal that uses AWS SSO, you must enable AWS SSO. For more information, see Enabling AWS SSO in the AWS IoT SiteWise User Guide. This option is only available in AWS Regions other than the China Regions.
IAM – The portal uses AWS Identity and Access Management (IAM) to authenticate users and manage user permissions. This option is only available in the China Regions.
You can't change this value after you create a portal.
Default: SSO
The service to use to authenticate users to the portal. Choose from the following options:
SSO – The portal uses Amazon Web Services Single Sign On to authenticate users and manage user permissions. Before you can create a portal that uses Amazon Web Services SSO, you must enable Amazon Web Services SSO. For more information, see Enabling Amazon Web Services SSO in the IoT SiteWise User Guide. This option is only available in Amazon Web Services Regions other than the China Regions.
IAM – The portal uses Identity and Access Management to authenticate users and manage user permissions. This option is only available in the China Regions.
You can't change this value after you create a portal.
Default: SSO
The email address that sends alarm notifications.
If you use the AWS IoT Events managed AWS Lambda function to manage your emails, you must verify the sender email address in Amazon SES.
The email address that sends alarm notifications.
If you use the IoT Events managed Lambda function to manage your emails, you must verify the sender email address in Amazon SES.
Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .
" + "documentation": "Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.
" } } }, @@ -3328,7 +3399,7 @@ }, "portalStartUrl": { "shape": "Url", - "documentation": "The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.
" + "documentation": "The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.
" }, "portalStatus": { "shape": "PortalStatus", @@ -3336,7 +3407,7 @@ }, "ssoApplicationId": { "shape": "SSOApplicationId", - "documentation": "The associated AWS SSO application ID, if the portal uses AWS SSO.
" + "documentation": "The associated Amazon Web Services SSO application ID, if the portal uses Amazon Web Services SSO.
" } } }, @@ -3366,7 +3437,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the project. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the project. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -3387,6 +3458,24 @@ } } }, + "CustomerManagedS3Storage": { + "type": "structure", + "required": [ + "s3ResourceArn", + "roleArn" + ], + "members": { + "s3ResourceArn": { + "shape": "ARN", + "documentation": "The ARN of the Amazon S3 object. For more information about how to find the ARN for an Amazon S3 object, see Amazon S3 resources in the Amazon Simple Storage Service User Guide.
" + }, + "roleArn": { + "shape": "ARN", + "documentation": "The ARN of the Identity and Access Management role that allows IoT SiteWise to send data to Amazon S3.
" + } + }, + "documentation": "Contains information about a customer managed Amazon S3 bucket.
" + }, "DashboardDefinition": { "type": "string", "max": 204800, @@ -3659,11 +3748,11 @@ }, "accessPolicyIdentity": { "shape": "Identity", - "documentation": "The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.
" + "documentation": "The identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user) to which this access policy applies.
" }, "accessPolicyResource": { "shape": "Resource", - "documentation": "The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
" + "documentation": "The IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
" }, "accessPolicyPermission": { "shape": "Permission", @@ -3918,7 +4007,7 @@ }, "dashboardDefinition": { "shape": "DashboardDefinition", - "documentation": "The dashboard's definition JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.
" + "documentation": "The dashboard's definition JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.
" }, "dashboardCreationDate": { "shape": "Timestamp", @@ -3947,7 +4036,7 @@ }, "kmsKeyArn": { "shape": "ARN", - "documentation": "The key ARN of the customer managed customer master key (CMK) used for AWS KMS encryption if you use KMS_BASED_ENCRYPTION.
The key ARN of the customer managed customer master key (CMK) used for KMS encryption if you use KMS_BASED_ENCRYPTION.
The namespace of the capability configuration. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
The JSON document that defines the gateway capability's configuration. For more information, see Configuring data sources (CLI) in the AWS IoT SiteWise User Guide.
" + "documentation": "The JSON document that defines the gateway capability's configuration. For more information, see Configuring data sources (CLI) in the IoT SiteWise User Guide.
" }, "capabilitySyncStatus": { "shape": "CapabilitySyncStatus", @@ -4120,15 +4209,15 @@ }, "portalClientId": { "shape": "PortalClientId", - "documentation": "The AWS SSO application generated client ID (used with AWS SSO APIs). AWS IoT SiteWise includes portalClientId for only portals that use AWS SSO to authenticate users.
The Amazon Web Services SSO application generated client ID (used with Amazon Web Services SSO APIs). IoT SiteWise includes portalClientId for only portals that use Amazon Web Services SSO to authenticate users.
The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.
" + "documentation": "The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.
" }, "portalContactEmail": { "shape": "Email", - "documentation": "The AWS administrator's contact email address.
" + "documentation": "The Amazon Web Services administrator's contact email address.
" }, "portalStatus": { "shape": "PortalStatus", @@ -4148,7 +4237,7 @@ }, "roleArn": { "shape": "ARN", - "documentation": "The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.
" + "documentation": "The ARN of the service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.
" }, "portalAuthMode": { "shape": "AuthMode", @@ -4160,7 +4249,7 @@ }, "alarms": { "shape": "Alarms", - "documentation": "Contains the configuration information of an alarm created in a AWS IoT SiteWise Monitor portal.
" + "documentation": "Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal.
" } } }, @@ -4219,6 +4308,34 @@ } } }, + "DescribeStorageConfigurationRequest": { + "type": "structure", + "members": {} + }, + "DescribeStorageConfigurationResponse": { + "type": "structure", + "required": [ + "storageType", + "configurationStatus" + ], + "members": { + "storageType": { + "shape": "StorageType", + "documentation": "The type of storage that you specified for your data. The storage type can be one of the following values:
SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into a service managed database.
MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.
Contains information about the storage destination.
" + }, + "configurationStatus": { + "shape": "ConfigurationStatus" + }, + "lastUpdateDate": { + "shape": "Timestamp", + "documentation": "The date the storage configuration was last updated, in Unix epoch time.
" + } + } + }, "Description": { "type": "string", "max": 2048, @@ -4241,7 +4358,7 @@ }, "hierarchyId": { "shape": "ID", - "documentation": "The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. You can use the hierarchy ID to identify the correct asset to disassociate. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
" + "documentation": "The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. You can use the hierarchy ID to identify the correct asset to disassociate. For more information, see Asset hierarchies in the IoT SiteWise User Guide.
" }, "childAssetId": { "shape": "ID", @@ -4296,7 +4413,7 @@ "documentation": "The error message.
" } }, - "documentation": "Contains the details of an AWS IoT SiteWise error.
" + "documentation": "Contains the details of an IoT SiteWise error.
" }, "ErrorMessage": { "type": "string" @@ -4345,7 +4462,7 @@ "members": { "capabilityNamespace": { "shape": "CapabilityNamespace", - "documentation": "The namespace of the capability configuration. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
A gateway that runs on AWS IoT Greengrass.
" + "documentation": "A gateway that runs on IoT Greengrass.
" } }, "documentation": "Contains a gateway's platform information.
" @@ -4428,7 +4545,7 @@ }, "propertyAlias": { "shape": "AssetPropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The maximum number of results to be returned per paginated request.
Default: 100
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 100
", "location": "querystring", "locationName": "maxResults" } @@ -4515,7 +4632,7 @@ }, "propertyAlias": { "shape": "AssetPropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The maximum number of results to be returned per paginated request.
Default: 100
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 100
", "location": "querystring", "locationName": "maxResults" } @@ -4590,7 +4707,7 @@ }, "propertyAlias": { "shape": "AssetPropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The maximum number of results to be returned per paginated request. If not specified, the default value is 10.
", + "documentation": "The maximum number of results to return for each paginated request. If not specified, the default value is 10.
", "location": "querystring", "locationName": "maxResults" }, @@ -4713,10 +4830,10 @@ "members": { "groupArn": { "shape": "ARN", - "documentation": "The ARN of the Greengrass group. For more information about how to find a group's ARN, see ListGroups and GetGroup in the AWS IoT Greengrass API Reference.
" + "documentation": "The ARN of the Greengrass group. For more information about how to find a group's ARN, see ListGroups and GetGroup in the IoT Greengrass API Reference.
" } }, - "documentation": "Contains details for a gateway that runs on AWS IoT Greengrass. To create a gateway that runs on AWS IoT Greengrass, you must add the IoT SiteWise connector to a Greengrass group and deploy it. Your Greengrass group must also have permissions to upload data to AWS IoT SiteWise. For more information, see Ingesting data using a gateway in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains details for a gateway that runs on IoT Greengrass. To create a gateway that runs on IoT Greengrass, you must add the IoT SiteWise connector to a Greengrass group and deploy it. Your Greengrass group must also have permissions to upload data to IoT SiteWise. For more information, see Ingesting data using a gateway in the IoT SiteWise User Guide.
" }, "GroupIdentity": { "type": "structure", @@ -4726,7 +4843,7 @@ "members": { "id": { "shape": "IdentityId", - "documentation": "The AWS SSO ID of the group.
" + "documentation": "The Amazon Web Services SSO ID of the group.
" } }, "documentation": "Contains information for a group identity in an access policy.
" @@ -4742,7 +4859,7 @@ "documentation": "The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide.
" } }, - "documentation": "Contains information about an AWS Identity and Access Management (IAM) role. For more information, see IAM roles in the IAM User Guide.
" + "documentation": "Contains information about an Identity and Access Management role. For more information, see IAM roles in the IAM User Guide.
" }, "IAMUserIdentity": { "type": "structure", @@ -4755,7 +4872,7 @@ "documentation": "The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide.
If you delete the IAM user, access policies that contain this identity include an empty arn. You can delete the access policy for the IAM user that no longer exists.
Contains information about an AWS Identity and Access Management (IAM) user.
" + "documentation": "Contains information about an Identity and Access Management user.
" }, "ID": { "type": "string", @@ -4776,11 +4893,11 @@ "members": { "user": { "shape": "UserIdentity", - "documentation": "An AWS SSO user identity.
" + "documentation": "An Amazon Web Services SSO user identity.
" }, "group": { "shape": "GroupIdentity", - "documentation": "An AWS SSO group identity.
" + "documentation": "An Amazon Web Services SSO group identity.
" }, "iamUser": { "shape": "IAMUserIdentity", @@ -4791,7 +4908,7 @@ "documentation": "An IAM role identity.
" } }, - "documentation": "Contains an identity that can access an AWS IoT SiteWise Monitor resource.
Currently, you can't use AWS APIs to retrieve AWS SSO identity IDs. You can find the AWS SSO identity IDs in the URL of user and group pages in the AWS SSO console.
Contains an identity that can access an IoT SiteWise Monitor resource.
Currently, you can't use Amazon Web Services APIs to retrieve Amazon Web Services SSO identity IDs. You can find the Amazon Web Services SSO identity IDs in the URL of user and group pages in the Amazon Web Services SSO console.
The URL where the image is available. The URL is valid for 15 minutes so that you can view and download the image
" } }, - "documentation": "Contains an image that is uploaded to AWS IoT SiteWise and available at a URL.
" + "documentation": "Contains an image that is uploaded to IoT SiteWise and available at a URL.
" }, "InterpolatedAssetPropertyValue": { "type": "structure", @@ -4915,7 +5032,7 @@ "members": { "identityType": { "shape": "IdentityType", - "documentation": "The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId.
The type of identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user). This parameter is required if you specify identityId.
The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -4984,7 +5101,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5033,7 +5150,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
", + "documentation": "The maximum number of results to return for each paginated request.
", "location": "querystring", "locationName": "maxResults" } @@ -5073,7 +5190,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" }, @@ -5121,7 +5238,7 @@ }, "hierarchyId": { "shape": "ID", - "documentation": "The ID of the hierarchy by which child assets are associated to the asset. To find a hierarchy ID, use the DescribeAsset or DescribeAssetModel operations. This parameter is required if you choose CHILD for traversalDirection.
For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
", + "documentation": "The ID of the hierarchy by which child assets are associated to the asset. To find a hierarchy ID, use the DescribeAsset or DescribeAssetModel operations. This parameter is required if you choose CHILD for traversalDirection.
For more information, see Asset hierarchies in the IoT SiteWise User Guide.
", "location": "querystring", "locationName": "hierarchyId" }, @@ -5139,7 +5256,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5181,7 +5298,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5214,7 +5331,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5247,7 +5364,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5286,7 +5403,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5328,7 +5445,7 @@ }, "maxResults": { "shape": "MaxResults", - "documentation": "The maximum number of results to be returned per paginated request.
Default: 50
", + "documentation": "The maximum number of results to return for each paginated request.
Default: 50
", "location": "querystring", "locationName": "maxResults" } @@ -5369,7 +5486,7 @@ "members": { "tags": { "shape": "TagMap", - "documentation": "The list of key-value pairs that contain metadata for the resource. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "The list of key-value pairs that contain metadata for the resource. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -5389,7 +5506,7 @@ "members": { "level": { "shape": "LoggingLevel", - "documentation": "The AWS IoT SiteWise logging verbosity level.
" + "documentation": "The IoT SiteWise logging verbosity level.
" } }, "documentation": "Contains logging options.
" @@ -5412,7 +5529,7 @@ "Measurement": { "type": "structure", "members": {}, - "documentation": "Contains an asset measurement property. For more information, see Measurements in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains an asset measurement property. For more information, see Measurements in the IoT SiteWise User Guide.
" }, "Metric": { "type": "structure", @@ -5424,7 +5541,7 @@ "members": { "expression": { "shape": "Expression", - "documentation": "The mathematical expression that defines the metric aggregation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.
For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The mathematical expression that defines the metric aggregation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.
For more information, see Quotas in the IoT SiteWise User Guide.
" }, "variables": { "shape": "ExpressionVariables", @@ -5432,10 +5549,10 @@ }, "window": { "shape": "MetricWindow", - "documentation": "The window (time interval) over which AWS IoT SiteWise computes the metric's aggregation expression. AWS IoT SiteWise computes one data point per window.
The window (time interval) over which IoT SiteWise computes the metric's aggregation expression. IoT SiteWise computes one data point per window.
Contains an asset metric property. With metrics, you can calculate aggregate functions, such as an average, maximum, or minimum, as specified through an expression. A metric maps several values to a single value (such as a sum).
The maximum number of dependent/cascading variables used in any one metric calculation is 10. Therefore, a root metric can have up to 10 cascading metrics in its computational dependency tree. Additionally, a metric can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.
For more information, see Metrics in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains an asset metric property. With metrics, you can calculate aggregate functions, such as an average, maximum, or minimum, as specified through an expression. A metric maps several values to a single value (such as a sum).
The maximum number of dependent/cascading variables used in any one metric calculation is 10. Therefore, a root metric can have up to 10 cascading metrics in its computational dependency tree. Additionally, a metric can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.
For more information, see Metrics in the IoT SiteWise User Guide.
" }, "MetricWindow": { "type": "structure", @@ -5467,11 +5584,24 @@ "documentation": "The error message.
" } }, - "documentation": "Contains AWS IoT SiteWise Monitor error details.
" + "documentation": "Contains IoT SiteWise Monitor error details.
" }, "MonitorErrorMessage": { "type": "string" }, + "MultiLayerStorage": { + "type": "structure", + "required": [ + "customerManagedS3Storage" + ], + "members": { + "customerManagedS3Storage": { + "shape": "CustomerManagedS3Storage", + "documentation": "Contains information about a customer managed Amazon S3 bucket.
" + } + }, + "documentation": "Contains information about the storage destination.
" + }, "Name": { "type": "string", "max": 256, @@ -5513,7 +5643,7 @@ "documentation": "The ID of the portal.
" } }, - "documentation": "Identifies an AWS IoT SiteWise Monitor portal.
" + "documentation": "Identifies an IoT SiteWise Monitor portal.
" }, "PortalState": { "type": "string", @@ -5571,7 +5701,7 @@ }, "startUrl": { "shape": "Url", - "documentation": "The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.
" + "documentation": "The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.
" }, "creationDate": { "shape": "Timestamp", @@ -5583,7 +5713,7 @@ }, "roleArn": { "shape": "ARN", - "documentation": "The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.
" + "documentation": "The ARN of the service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.
" }, "status": { "shape": "PortalStatus" @@ -5602,7 +5732,7 @@ "documentation": "The ID of the project.
" } }, - "documentation": "Identifies a specific AWS IoT SiteWise Monitor project.
" + "documentation": "Identifies a specific IoT SiteWise Monitor project.
" }, "ProjectSummaries": { "type": "list", @@ -5658,7 +5788,7 @@ }, "alias": { "shape": "PropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The MQTT topic to which AWS IoT SiteWise publishes property value update notifications.
" + "documentation": "The MQTT topic to which IoT SiteWise publishes property value update notifications.
" }, "state": { "shape": "PropertyNotificationState", "documentation": "The current notification state.
" } }, - "documentation": "Contains asset property value notification information. When the notification state is enabled, AWS IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains asset property value notification information. When the notification state is enabled, IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the IoT SiteWise User Guide.
" }, "PropertyNotificationState": { "type": "string", @@ -5790,7 +5920,7 @@ }, "propertyAlias": { "shape": "AssetPropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
The Key ID of the customer managed customer master key (CMK) used for AWS KMS encryption. This is required if you use KMS_BASED_ENCRYPTION.
The Key ID of the customer managed customer master key (CMK) used for KMS encryption. This is required if you use KMS_BASED_ENCRYPTION.
The Key ARN of the AWS KMS CMK used for AWS KMS encryption if you use KMS_BASED_ENCRYPTION.
The Key ARN of the KMS CMK used for KMS encryption if you use KMS_BASED_ENCRYPTION.
The type of storage that you specified for your data. The storage type can be one of the following values:
SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into a service managed database.
MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.
Identifies a storage destination. If you specified MULTI_LAYER_STORAGE for the storage type, you must specify a MultiLayerStorage object.
The type of storage that you specified for your data. The storage type can be one of the following values:
SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into a service managed database.
MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.
Contains information about the storage destination.
" + }, + "configurationStatus": { + "shape": "ConfigurationStatus" + } + } + }, "Qualities": { "type": "list", "member": { @@ -5886,7 +6052,7 @@ "documentation": "A project resource.
" } }, - "documentation": "Contains an AWS IoT SiteWise Monitor resource ID for a portal or project.
" + "documentation": "Contains an IoT SiteWise Monitor resource ID for a portal or project.
" }, "ResourceType": { "type": "string", @@ -5901,6 +6067,13 @@ "min": 1, "pattern": "^[!-~]*" }, + "StorageType": { + "type": "string", + "enum": [ + "SITEWISE_DEFAULT_STORAGE", + "MULTI_LAYER_STORAGE" + ] + }, "TagKey": { "type": "string", "max": 128, @@ -5940,7 +6113,7 @@ }, "tags": { "shape": "TagMap", - "documentation": "A list of key-value pairs that contain metadata for the resource. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.
" + "documentation": "A list of key-value pairs that contain metadata for the resource. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.
" } } }, @@ -6000,14 +6173,14 @@ "members": { "expression": { "shape": "Expression", - "documentation": "The mathematical expression that defines the transformation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.
For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The mathematical expression that defines the transformation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.
For more information, see Quotas in the IoT SiteWise User Guide.
" }, "variables": { "shape": "ExpressionVariables", "documentation": "The list of variables used in the expression.
" } }, - "documentation": "Contains an asset transform property. A transform is a one-to-one mapping of a property's data points from one form to another. For example, you can use a transform to convert a Celsius data stream to Fahrenheit by applying the transformation expression to each data point of the Celsius stream. A transform can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.
For more information, see Transforms in the AWS IoT SiteWise User Guide.
" + "documentation": "Contains an asset transform property. A transform is a one-to-one mapping of a property's data points from one form to another. For example, you can use a transform to convert a Celsius data stream to Fahrenheit by applying the transformation expression to each data point of the Celsius stream. A transform can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.
For more information, see Transforms in the IoT SiteWise User Guide.
" }, "TraversalDirection": { "type": "string", @@ -6030,7 +6203,7 @@ "members": { "interval": { "shape": "Interval", - "documentation": "The time interval for the tumbling window. Note that w represents weeks, d represents days, h represents hours, and m represents minutes. AWS IoT SiteWise computes the 1w interval the end of Sunday at midnight each week (UTC), the 1d interval at the end of each day at midnight (UTC), the 1h interval at the end of each hour, and so on.
When AWS IoT SiteWise aggregates data points for metric computations, the start of each interval is exclusive and the end of each interval is inclusive. AWS IoT SiteWise places the computed data point at the end of the interval.
" + "documentation": "The time interval for the tumbling window. Note that w represents weeks, d represents days, h represents hours, and m represents minutes. IoT SiteWise computes the 1w interval the end of Sunday at midnight each week (UTC), the 1d interval at the end of each day at midnight (UTC), the 1h interval at the end of each hour, and so on.
When IoT SiteWise aggregates data points for metric computations, the start of each interval is exclusive and the end of each interval is inclusive. IoT SiteWise places the computed data point at the end of the interval.
" } }, "documentation": "Contains a tumbling window, which is a repeating fixed-sized, non-overlapping, and contiguous time interval. This window is used in metric and aggregation computations.
" @@ -6077,11 +6250,11 @@ }, "accessPolicyIdentity": { "shape": "Identity", - "documentation": "The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
" + "documentation": "The identity for this access policy. Choose an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user.
" }, "accessPolicyResource": { "shape": "Resource", - "documentation": "The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
" + "documentation": "The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
" }, "accessPolicyPermission": { "shape": "Permission", @@ -6121,11 +6294,11 @@ }, "assetModelProperties": { "shape": "AssetModelProperties", - "documentation": "The updated property definitions of the asset model. For more information, see Asset properties in the AWS IoT SiteWise User Guide.
You can specify up to 200 properties per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The updated property definitions of the asset model. For more information, see Asset properties in the IoT SiteWise User Guide.
You can specify up to 200 properties per asset model. For more information, see Quotas in the IoT SiteWise User Guide.
" }, "assetModelHierarchies": { "shape": "AssetModelHierarchies", - "documentation": "The updated hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "The updated hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.
You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the IoT SiteWise User Guide.
" }, "assetModelCompositeModels": { "shape": "AssetModelCompositeModels", @@ -6171,11 +6344,11 @@ }, "propertyAlias": { "shape": "PropertyAlias", - "documentation": "The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.
If you omit this parameter, the alias is removed from the property.
" + "documentation": "The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.
If you omit this parameter, the alias is removed from the property.
" }, "propertyNotificationState": { "shape": "PropertyNotificationState", - "documentation": "The MQTT notification state (enabled or disabled) for this asset property. When the notification state is enabled, AWS IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the AWS IoT SiteWise User Guide.
If you omit this parameter, the notification state is set to DISABLED.
The MQTT notification state (enabled or disabled) for this asset property. When the notification state is enabled, IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the IoT SiteWise User Guide.
If you omit this parameter, the notification state is set to DISABLED.
The new dashboard definition, as specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.
" + "documentation": "The new dashboard definition, as specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.
" }, "clientToken": { "shape": "ClientToken", @@ -6273,11 +6446,11 @@ }, "capabilityNamespace": { "shape": "CapabilityNamespace", - "documentation": "The namespace of the gateway capability configuration to be updated. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
The namespace of the gateway capability configuration to be updated. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.
The JSON document that defines the configuration for the gateway capability. For more information, see Configuring data sources (CLI) in the AWS IoT SiteWise User Guide.
" + "documentation": "The JSON document that defines the configuration for the gateway capability. For more information, see Configuring data sources (CLI) in the IoT SiteWise User Guide.
" } } }, @@ -6342,14 +6515,14 @@ }, "portalContactEmail": { "shape": "Email", - "documentation": "The AWS administrator's contact email address.
" + "documentation": "The Amazon Web Services administrator's contact email address.
" }, "portalLogoImage": { "shape": "Image" }, "roleArn": { "shape": "ARN", - "documentation": "The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.
" + "documentation": "The ARN of a service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.
" }, "clientToken": { "shape": "ClientToken", @@ -6362,7 +6535,7 @@ }, "alarms": { "shape": "Alarms", - "documentation": "Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .
" + "documentation": "Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.
" } } }, @@ -6424,7 +6597,7 @@ "members": { "id": { "shape": "IdentityId", - "documentation": "The AWS SSO ID of the user.
" + "documentation": "The Amazon Web Services SSO ID of the user.
" } }, "documentation": "Contains information for a user identity in an access policy.
" @@ -6447,7 +6620,7 @@ }, "hierarchyId": { "shape": "Macro", - "documentation": "The ID of the hierarchy to query for the property ID. You can use the hierarchy's name instead of the hierarchy's ID.
You use a hierarchy ID instead of a model ID because you can have several hierarchies using the same model and therefore the same propertyId. For example, you might have separately grouped assets that come from the same asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.
The ID of the hierarchy to query for the property ID. You can use the hierarchy's name instead of the hierarchy's ID.
You use a hierarchy ID instead of a model ID because you can have several hierarchies using the same model and therefore the same propertyId. For example, you might have separately grouped assets that come from the same asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.
Identifies a property value used in an expression.
" @@ -6475,5 +6648,5 @@ "documentation": "Contains an asset property value (of a single type only).
" } }, - "documentation": "Welcome to the AWS IoT SiteWise API Reference. AWS IoT SiteWise is an AWS service that connects Industrial Internet of Things (IIoT) devices to the power of the AWS Cloud. For more information, see the AWS IoT SiteWise User Guide. For information about AWS IoT SiteWise quotas, see Quotas in the AWS IoT SiteWise User Guide.
" + "documentation": "Welcome to the IoT SiteWise API Reference. IoT SiteWise is an Amazon Web Services service that connects Industrial Internet of Things (IIoT) devices to the power of the Amazon Web Services Cloud. For more information, see the IoT SiteWise User Guide. For information about IoT SiteWise quotas, see Quotas in the IoT SiteWise User Guide.
" } \ No newline at end of file diff --git a/apis/mq-2017-11-27.min.json b/apis/mq-2017-11-27.min.json index 6dedef9fde..4717dc3395 100644 --- a/apis/mq-2017-11-27.min.json +++ b/apis/mq-2017-11-27.min.json @@ -104,10 +104,24 @@ "Username": { "locationName": "username" } - } + }, + "required": [ + "Username", + "Password" + ] } } - } + }, + "required": [ + "EngineVersion", + "HostInstanceType", + "AutoMinorVersionUpgrade", + "Users", + "BrokerName", + "DeploymentMode", + "EngineType", + "PubliclyAccessible" + ] }, "output": { "type": "structure", @@ -145,7 +159,12 @@ "shape": "Sg", "locationName": "tags" } - } + }, + "required": [ + "EngineVersion", + "EngineType", + "Name" + ] }, "output": { "type": "structure", @@ -225,7 +244,8 @@ }, "required": [ "Username", - "BrokerId" + "BrokerId", + "Password" ] }, "output": { @@ -449,7 +469,11 @@ } } } - } + }, + "required": [ + "GeneralLogGroup", + "General" + ] }, "MaintenanceWindowStartTime": { "shape": "Sd", @@ -794,7 +818,10 @@ "PendingChange": { "locationName": "pendingChange" } - } + }, + "required": [ + "PendingChange" + ] }, "Username": { "locationName": "username" @@ -856,7 +883,11 @@ "HostInstanceType": { "locationName": "hostInstanceType" } - } + }, + "required": [ + "DeploymentMode", + "EngineType" + ] } }, "NextToken": { @@ -977,7 +1008,18 @@ "shape": "Sg", "locationName": "tags" } - } + }, + "required": [ + "Description", + "EngineVersion", + "LatestRevision", + "AuthenticationStrategy", + "EngineType", + "Id", + "Arn", + "Name", + "Created" + ] } }, "MaxResults": { @@ -1125,6 +1167,10 @@ "shape": "Sc", "locationName": "logs" }, + "MaintenanceWindowStartTime": { + "shape": "Sd", + "locationName": "maintenanceWindowStartTime" + }, "SecurityGroups": { "shape": "Sb", "locationName": "securityGroups" @@ -1165,6 +1211,10 @@ "shape": "Sc", "locationName": "logs" }, + "MaintenanceWindowStartTime": { + "shape": "Sd", + "locationName": "maintenanceWindowStartTime" + }, "SecurityGroups": { "shape": "Sb", "locationName": "securityGroups" @@ -1193,7 +1243,8 @@ } }, "required": [ - "ConfigurationId" + "ConfigurationId", + "Data" ] }, "output": { @@ -1231,7 +1282,10 @@ "Reason": { "locationName": "reason" } - } + }, + "required": [ + "Reason" + ] } } } @@ -1288,7 +1342,10 @@ "locationName": "revision", "type": "integer" } - } + }, + "required": [ + "Id" + ] }, "S8": { "type": "structure", @@ -1344,7 +1401,16 @@ "locationName": "userSearchSubtree", "type": "boolean" } - } + }, + "required": [ + "Hosts", + "UserSearchMatching", + "UserBase", + "RoleSearchMatching", + "ServiceAccountUsername", + "RoleBase", + "ServiceAccountPassword" + ] }, "Sb": { "type": "list", @@ -1375,7 +1441,11 @@ "TimeZone": { "locationName": "timeZone" } - } + }, + "required": [ + "TimeOfDay", + "DayOfWeek" + ] }, "Sg": { "type": "map", @@ -1400,7 +1470,11 @@ "locationName": "revision", "type": "integer" } - } + }, + "required": [ + "Revision", + "Created" + ] }, "S13": { "type": "structure", @@ -1438,7 +1512,15 @@ "locationName": "userSearchSubtree", "type": "boolean" } - } + }, + "required": [ + "Hosts", + "UserSearchMatching", + "UserBase", + "RoleSearchMatching", + "ServiceAccountUsername", + "RoleBase" + ] }, "S16": { "type": "list", @@ -1451,7 +1533,10 @@ "Username": { "locationName": "username" } - } + }, + "required": [ + "Username" + ] } } }, diff --git a/apis/mq-2017-11-27.normal.json b/apis/mq-2017-11-27.normal.json index f7d8eaf79f..011afb3700 100644 --- a/apis/mq-2017-11-27.normal.json +++ b/apis/mq-2017-11-27.normal.json @@ -23,31 +23,31 @@ }, "output": { "shape": "CreateBrokerResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "UnauthorizedException", - "documentation": "HTTP Status Code 401: Unauthorized request. The provided credentials couldn't be validated." + "documentation": "HTTP Status Code 401: Unauthorized request. The provided credentials couldn't be validated.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Creates a broker. Note: This API is asynchronous." + "documentation": "Creates a broker. Note: This API is asynchronous.
To create a broker, you must either use the AmazonMQFullAccess IAM policy or include the following EC2 permissions in your IAM policy.
ec2:CreateNetworkInterface
This permission is required to allow Amazon MQ to create an elastic network interface (ENI) on behalf of your account.
ec2:CreateNetworkInterfacePermission
This permission is required to attach the ENI to the broker instance.
ec2:DeleteNetworkInterface
ec2:DeleteNetworkInterfacePermission
ec2:DetachNetworkInterface
ec2:DescribeInternetGateways
ec2:DescribeNetworkInterfaces
ec2:DescribeNetworkInterfacePermissions
ec2:DescribeRouteTables
ec2:DescribeSecurityGroups
ec2:DescribeSubnets
ec2:DescribeVpcs
For more information, see Create an IAM User and Get Your AWS Credentials and Never Modify or Delete the Amazon MQ Elastic Network Interface in the Amazon MQ Developer Guide.
" }, "CreateConfiguration": { "name": "CreateConfiguration", @@ -61,27 +61,27 @@ }, "output": { "shape": "CreateConfigurationResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. This configuration name already exists. Retry your request with another configuration name." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your input and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version)." + "documentation": "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).
" }, "CreateTags": { "name": "CreateTags", @@ -96,22 +96,22 @@ "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Add a tag to a resource." + "documentation": "Add a tag to a resource.
" }, "CreateUser": { "name": "CreateUser", @@ -125,31 +125,31 @@ }, "output": { "shape": "CreateUserResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Creates an ActiveMQ user." + "documentation": "Creates an ActiveMQ user.
" }, "DeleteBroker": { "name": "DeleteBroker", @@ -163,27 +163,27 @@ }, "output": { "shape": "DeleteBrokerResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Deletes a broker. Note: This API is asynchronous." + "documentation": "Deletes a broker. Note: This API is asynchronous.
" }, "DeleteTags": { "name": "DeleteTags", @@ -198,22 +198,22 @@ "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Removes a tag from a resource." + "documentation": "Removes a tag from a resource.
" }, "DeleteUser": { "name": "DeleteUser", @@ -227,27 +227,27 @@ }, "output": { "shape": "DeleteUserResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Deletes an ActiveMQ user." + "documentation": "Deletes an ActiveMQ user.
" }, "DescribeBroker": { "name": "DescribeBroker", @@ -261,27 +261,27 @@ }, "output": { "shape": "DescribeBrokerResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns information about the specified broker." + "documentation": "Returns information about the specified broker.
" }, "DescribeBrokerEngineTypes": { "name": "DescribeBrokerEngineTypes", @@ -295,23 +295,23 @@ }, "output": { "shape": "DescribeBrokerEngineTypesResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Describe available engine types and versions." + "documentation": "Describe available engine types and versions.
" }, "DescribeBrokerInstanceOptions": { "name": "DescribeBrokerInstanceOptions", @@ -325,23 +325,23 @@ }, "output": { "shape": "DescribeBrokerInstanceOptionsResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Describe available broker instance options." + "documentation": "Describe available broker instance options.
" }, "DescribeConfiguration": { "name": "DescribeConfiguration", @@ -355,27 +355,27 @@ }, "output": { "shape": "DescribeConfigurationResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns information about the specified configuration." + "documentation": "Returns information about the specified configuration.
" }, "DescribeConfigurationRevision": { "name": "DescribeConfigurationRevision", @@ -389,27 +389,27 @@ }, "output": { "shape": "DescribeConfigurationRevisionResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns the specified configuration revision for the specified configuration." + "documentation": "Returns the specified configuration revision for the specified configuration.
" }, "DescribeUser": { "name": "DescribeUser", @@ -423,27 +423,27 @@ }, "output": { "shape": "DescribeUserResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns information about an ActiveMQ user." + "documentation": "Returns information about an ActiveMQ user.
" }, "ListBrokers": { "name": "ListBrokers", @@ -457,23 +457,23 @@ }, "output": { "shape": "ListBrokersResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns a list of all brokers." + "documentation": "Returns a list of all brokers.
" }, "ListConfigurationRevisions": { "name": "ListConfigurationRevisions", @@ -487,27 +487,27 @@ }, "output": { "shape": "ListConfigurationRevisionsResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns a list of all revisions for the specified configuration." + "documentation": "Returns a list of all revisions for the specified configuration.
" }, "ListConfigurations": { "name": "ListConfigurations", @@ -521,23 +521,23 @@ }, "output": { "shape": "ListConfigurationsResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns a list of all configurations." + "documentation": "Returns a list of all configurations.
" }, "ListTags": { "name": "ListTags", @@ -551,27 +551,27 @@ }, "output": { "shape": "ListTagsResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Lists tags for a resource." + "documentation": "Lists tags for a resource.
" }, "ListUsers": { "name": "ListUsers", @@ -585,27 +585,27 @@ }, "output": { "shape": "ListUsersResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Returns a list of all ActiveMQ users." + "documentation": "Returns a list of all ActiveMQ users.
" }, "RebootBroker": { "name": "RebootBroker", @@ -619,27 +619,27 @@ }, "output": { "shape": "RebootBrokerResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Reboots a broker. Note: This API is asynchronous." + "documentation": "Reboots a broker. Note: This API is asynchronous.
" }, "UpdateBroker": { "name": "UpdateBroker", @@ -653,31 +653,31 @@ }, "output": { "shape": "UpdateBrokerResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. Concurrent broker update detected. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Adds a pending configuration change to a broker." + "documentation": "Adds a pending configuration change to a broker.
" }, "UpdateConfiguration": { "name": "UpdateConfiguration", @@ -691,31 +691,31 @@ }, "output": { "shape": "UpdateConfigurationResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. Concurrent update to configuration. Retry to create a new revision." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your input and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Updates the specified configuration." + "documentation": "Updates the specified configuration.
" }, "UpdateUser": { "name": "UpdateUser", @@ -729,37 +729,37 @@ }, "output": { "shape": "UpdateUserResponse", - "documentation": "HTTP Status Code 200: OK." + "documentation": "HTTP Status Code 200: OK.
" }, "errors": [ { "shape": "NotFoundException", - "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.
" }, { "shape": "BadRequestException", - "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it." + "documentation": "HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
" }, { "shape": "InternalServerErrorException", - "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
" }, { "shape": "ConflictException", - "documentation": "HTTP Status Code 409: Conflict. Retrying your request might resolve the issue." + "documentation": "HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.
" }, { "shape": "ForbiddenException", - "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request." + "documentation": "HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
" } ], - "documentation": "Updates the information for an ActiveMQ user." + "documentation": "Updates the information for an ActiveMQ user.
" } }, "shapes": { "AuthenticationStrategy": { "type": "string", - "documentation": "The authentication strategy used to secure the broker.", + "documentation": "Optional. The authentication strategy used to secure the broker. The default is SIMPLE.
", "enum": [ "SIMPLE", "LDAP" @@ -771,10 +771,10 @@ "Name": { "shape": "__string", "locationName": "name", - "documentation": "Id for the availability zone." + "documentation": "Id for the availability zone.
" } }, - "documentation": "Name of the availability zone." + "documentation": "Name of the availability zone.
" }, "BrokerEngineType": { "type": "structure", @@ -782,15 +782,15 @@ "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "The type of broker engine." + "documentation": "The broker's engine type.
" }, "EngineVersions": { "shape": "__listOfEngineVersion", "locationName": "engineVersions", - "documentation": "The list of engine versions." + "documentation": "The list of engine versions.
" } }, - "documentation": "Types of broker engines." + "documentation": "Types of broker engines.
" }, "BrokerInstance": { "type": "structure", @@ -798,20 +798,20 @@ "ConsoleURL": { "shape": "__string", "locationName": "consoleURL", - "documentation": "The URL of the broker's Web Console." + "documentation": "The brokers web console URL.
" }, "Endpoints": { "shape": "__listOf__string", "locationName": "endpoints", - "documentation": "The broker's wire-level protocol endpoints." + "documentation": "The broker's wire-level protocol endpoints.
" }, "IpAddress": { "shape": "__string", "locationName": "ipAddress", - "documentation": "The IP address of the Elastic Network Interface (ENI) attached to the broker. Does not apply to RabbitMQ brokers" + "documentation": "The IP address of the Elastic Network Interface (ENI) attached to the broker. Does not apply to RabbitMQ brokers.
" } }, - "documentation": "Returns information about all brokers." + "documentation": "Returns information about all brokers.
" }, "BrokerInstanceOption": { "type": "structure", @@ -819,39 +819,39 @@ "AvailabilityZones": { "shape": "__listOfAvailabilityZone", "locationName": "availabilityZones", - "documentation": "The list of available az." + "documentation": "The list of available az.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "The type of broker engine." + "documentation": "The broker's engine type.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "The type of broker instance." + "documentation": "The broker's instance type.
" }, "StorageType": { "shape": "BrokerStorageType", "locationName": "storageType", - "documentation": "The broker's storage type." + "documentation": "The broker's storage type.
" }, "SupportedDeploymentModes": { "shape": "__listOfDeploymentMode", "locationName": "supportedDeploymentModes", - "documentation": "The list of supported deployment modes." + "documentation": "The list of supported deployment modes.
" }, "SupportedEngineVersions": { "shape": "__listOf__string", "locationName": "supportedEngineVersions", - "documentation": "The list of supported engine versions." + "documentation": "The list of supported engine versions.
" } }, - "documentation": "Option for host instance type." + "documentation": "Option for host instance type.
" }, "BrokerState": { "type": "string", - "documentation": "The status of the broker.", + "documentation": "The broker's status.
", "enum": [ "CREATION_IN_PROGRESS", "CREATION_FAILED", @@ -862,7 +862,7 @@ }, "BrokerStorageType": { "type": "string", - "documentation": "The broker's storage type.The broker's storage type.
EFS is not supported for RabbitMQ engine type.
The broker's Amazon Resource Name (ARN).
" }, "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "BrokerName": { "shape": "__string", "locationName": "brokerName", - "documentation": "The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters." + "documentation": "The broker's name. This value is unique in your AWS account, 1-50 characters long, and containing only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.
" }, "BrokerState": { "shape": "BrokerState", "locationName": "brokerState", - "documentation": "The status of the broker." + "documentation": "The broker's status.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "The time when the broker was created." + "documentation": "The time when the broker was created.
" }, "DeploymentMode": { "shape": "DeploymentMode", "locationName": "deploymentMode", - "documentation": "Required. The deployment mode of the broker." + "documentation": "The broker's deployment mode.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine." + "documentation": "The type of broker engine.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "The broker's instance type." + "documentation": "The broker's instance type.
" } }, - "documentation": "The Amazon Resource Name (ARN) of the broker." + "documentation": "Returns information about all brokers.
", + "required": [ + "DeploymentMode", + "EngineType" + ] }, "ChangeType": { "type": "string", - "documentation": "The type of change pending for the ActiveMQ user.", + "documentation": "The type of change pending for the ActiveMQ user.
", "enum": [ "CREATE", "UPDATE", @@ -929,55 +933,66 @@ "Arn": { "shape": "__string", "locationName": "arn", - "documentation": "Required. The ARN of the configuration." + "documentation": "Required. The ARN of the configuration.
" }, "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy associated with the configuration." + "documentation": "Optional. The authentication strategy associated with the configuration. The default is SIMPLE.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "Required. The date and time of the configuration revision." + "documentation": "Required. The date and time of the configuration revision.
" }, "Description": { "shape": "__string", "locationName": "description", - "documentation": "Required. The description of the configuration." + "documentation": "Required. The description of the configuration.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "documentation": "Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "Required. The broker engine's version. For a list of supported engine versions, see, Supported engines.
" }, "Id": { "shape": "__string", "locationName": "id", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "LatestRevision": { "shape": "ConfigurationRevision", "locationName": "latestRevision", - "documentation": "Required. The latest revision of the configuration." + "documentation": "Required. The latest revision of the configuration.
" }, "Name": { "shape": "__string", "locationName": "name", - "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long." + "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.
" }, "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "The list of all tags associated with this configuration." + "documentation": "The list of all tags associated with this configuration.
" } }, - "documentation": "Returns information about all configurations." + "documentation": "Returns information about all configurations.
", + "required": [ + "Description", + "EngineVersion", + "LatestRevision", + "AuthenticationStrategy", + "EngineType", + "Id", + "Arn", + "Name", + "Created" + ] }, "ConfigurationId": { "type": "structure", @@ -985,15 +1000,18 @@ "Id": { "shape": "__string", "locationName": "id", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "Revision": { "shape": "__integer", "locationName": "revision", - "documentation": "The revision number of the configuration." + "documentation": "The revision number of the configuration.
" } }, - "documentation": "A list of information about the configuration.A list of information about the configuration.
Does not apply to RabbitMQ brokers.
Required. The date and time of the configuration revision.
" }, "Description": { "shape": "__string", "locationName": "description", - "documentation": "The description of the configuration revision." + "documentation": "The description of the configuration revision.
" }, "Revision": { "shape": "__integer", "locationName": "revision", - "documentation": "Required. The revision number of the configuration." + "documentation": "Required. The revision number of the configuration.
" } }, - "documentation": "Returns information about the specified configuration revision." + "documentation": "Returns information about the specified configuration revision.
", + "required": [ + "Revision", + "Created" + ] }, "Configurations": { "type": "structure", @@ -1022,20 +1044,20 @@ "Current": { "shape": "ConfigurationId", "locationName": "current", - "documentation": "The current configuration of the broker." + "documentation": "The broker's current configuration.
" }, "History": { "shape": "__listOfConfigurationId", "locationName": "history", - "documentation": "The history of configurations applied to the broker." + "documentation": "The history of configurations applied to the broker.
" }, "Pending": { "shape": "ConfigurationId", "locationName": "pending", - "documentation": "The pending configuration of the broker." + "documentation": "The broker's pending configuration.
" } }, - "documentation": "Broker configuration information" + "documentation": "Broker configuration information
" }, "CreateBrokerRequest": { "type": "structure", @@ -1043,101 +1065,111 @@ "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy used to secure the broker." + "documentation": "Optional. The authentication strategy used to secure the broker. The default is SIMPLE.
" }, "AutoMinorVersionUpgrade": { "shape": "__boolean", "locationName": "autoMinorVersionUpgrade", - "documentation": "Required. Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot." + "documentation": "Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot. Set to true by default, if no value is specified.
" }, "BrokerName": { "shape": "__string", "locationName": "brokerName", - "documentation": "Required. The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters." + "documentation": "Required. The broker's name. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.
" }, "Configuration": { "shape": "ConfigurationId", "locationName": "configuration", - "documentation": "A list of information about the configuration." + "documentation": "A list of information about the configuration.
" }, "CreatorRequestId": { "shape": "__string", "locationName": "creatorRequestId", - "documentation": "The unique ID that the requester receives for the created broker. Amazon MQ passes your ID with the API action. Note: We recommend using a Universally Unique Identifier (UUID) for the creatorRequestId. You may omit the creatorRequestId if your application doesn't require idempotency.", + "documentation": "The unique ID that the requester receives for the created broker. Amazon MQ passes your ID with the API action. Note: We recommend using a Universally Unique Identifier (UUID) for the creatorRequestId. You may omit the creatorRequestId if your application doesn't require idempotency.
", "idempotencyToken": true }, "DeploymentMode": { "shape": "DeploymentMode", "locationName": "deploymentMode", - "documentation": "Required. The deployment mode of the broker." + "documentation": "Required. The broker's deployment mode.
" }, "EncryptionOptions": { "shape": "EncryptionOptions", "locationName": "encryptionOptions", - "documentation": "Encryption options for the broker." + "documentation": "Encryption options for the broker. Does not apply to RabbitMQ brokers.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "documentation": "Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "Required. The broker engine's version. For a list of supported engine versions, see Supported engines.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "Required. The broker's instance type." + "documentation": "Required. The broker's instance type.
" }, "LdapServerMetadata": { "shape": "LdapServerMetadataInput", "locationName": "ldapServerMetadata", - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.
" }, "Logs": { "shape": "Logs", "locationName": "logs", - "documentation": "Enables Amazon CloudWatch logging for brokers." + "documentation": "Enables Amazon CloudWatch logging for brokers.
" }, "MaintenanceWindowStartTime": { "shape": "WeeklyStartTime", "locationName": "maintenanceWindowStartTime", - "documentation": "The parameters that determine the WeeklyStartTime." + "documentation": "The parameters that determine the WeeklyStartTime.
" }, "PubliclyAccessible": { "shape": "__boolean", "locationName": "publiclyAccessible", - "documentation": "Required. Enables connections from applications outside of the VPC that hosts the broker's subnets." + "documentation": "Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to false by default, if no value is provided.
" }, "SecurityGroups": { "shape": "__listOf__string", "locationName": "securityGroups", - "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers." + "documentation": "The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.
" }, "StorageType": { "shape": "BrokerStorageType", "locationName": "storageType", - "documentation": "The broker's storage type." + "documentation": "The broker's storage type.
" }, "SubnetIds": { "shape": "__listOf__string", "locationName": "subnetIds", - "documentation": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet." + "documentation": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.
If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account. Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account.
Create tags when creating the broker.
" }, "Users": { "shape": "__listOfUser", "locationName": "users", - "documentation": "Required. The list of broker users (persons or applications) who can access queues and topics. For RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ Web Console. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "Required. The list of broker users (persons or applications) who can access queues and topics. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
When you create an Amazon MQ for RabbitMQ broker, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.
Creates a broker using the specified properties.
", + "required": [ + "EngineVersion", + "HostInstanceType", + "AutoMinorVersionUpgrade", + "Users", + "BrokerName", + "DeploymentMode", + "EngineType", + "PubliclyAccessible" + ] }, "CreateBrokerResponse": { "type": "structure", @@ -1145,12 +1177,12 @@ "BrokerArn": { "shape": "__string", "locationName": "brokerArn", - "documentation": "The Amazon Resource Name (ARN) of the broker." + "documentation": "The broker's Amazon Resource Name (ARN).
" }, "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" } } }, @@ -1160,30 +1192,35 @@ "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy associated with the configuration." + "documentation": "Optional. The authentication strategy associated with the configuration. The default is SIMPLE.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "documentation": "Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "Required. The broker engine's version. For a list of supported engine versions, see Supported engines.
" }, "Name": { "shape": "__string", "locationName": "name", - "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long." + "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.
" }, "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "Create tags when creating the configuration." + "documentation": "Create tags when creating the configuration.
" } }, - "documentation": "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version)." + "documentation": "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).
", + "required": [ + "EngineVersion", + "EngineType", + "Name" + ] }, "CreateConfigurationResponse": { "type": "structure", @@ -1191,32 +1228,32 @@ "Arn": { "shape": "__string", "locationName": "arn", - "documentation": "Required. The Amazon Resource Name (ARN) of the configuration." + "documentation": "Required. The Amazon Resource Name (ARN) of the configuration.
" }, "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy associated with the configuration." + "documentation": "Optional. The authentication strategy associated with the configuration. The default is SIMPLE.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "Required. The date and time of the configuration." + "documentation": "Required. The date and time of the configuration.
" }, "Id": { "shape": "__string", "locationName": "id", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "LatestRevision": { "shape": "ConfigurationRevision", "locationName": "latestRevision", - "documentation": "The latest revision of the configuration." + "documentation": "The latest revision of the configuration.
" }, "Name": { "shape": "__string", "locationName": "name", - "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long." + "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.
" } } }, @@ -1227,15 +1264,15 @@ "shape": "__string", "location": "uri", "locationName": "resource-arn", - "documentation": "The Amazon Resource Name (ARN) of the resource tag." + "documentation": "The Amazon Resource Name (ARN) of the resource tag.
" }, "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "The key-value pair for the resource tag." + "documentation": "The key-value pair for the resource tag.
" } }, - "documentation": "A map of the key-value pairs for the resource tag.", + "documentation": "A map of the key-value pairs for the resource tag.
", "required": [ "ResourceArn" ] @@ -1247,34 +1284,35 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "ConsoleAccess": { "shape": "__boolean", "locationName": "consoleAccess", - "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user." + "documentation": "Enables access to the ActiveMQ Web Console for the ActiveMQ user.
" }, "Groups": { "shape": "__listOf__string", "locationName": "groups", - "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" }, "Password": { "shape": "__string", "locationName": "password", - "documentation": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas." + "documentation": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).
" }, "Username": { "shape": "__string", "location": "uri", "locationName": "username", - "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } }, - "documentation": "Creates a new ActiveMQ user.", + "documentation": "Creates a new ActiveMQ user.
", "required": [ "Username", - "BrokerId" + "BrokerId", + "Password" ] }, "CreateUserResponse": { @@ -1300,7 +1338,7 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" } }, "required": [ @@ -1313,7 +1351,7 @@ "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" } } }, @@ -1324,13 +1362,13 @@ "shape": "__string", "location": "uri", "locationName": "resource-arn", - "documentation": "The Amazon Resource Name (ARN) of the resource tag." + "documentation": "The Amazon Resource Name (ARN) of the resource tag.
" }, "TagKeys": { "shape": "__listOf__string", "location": "querystring", "locationName": "tagKeys", - "documentation": "An array of tag keys to delete" + "documentation": "An array of tag keys to delete
" } }, "required": [ @@ -1345,13 +1383,13 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "Username": { "shape": "__string", "location": "uri", "locationName": "username", - "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } }, "required": [ @@ -1365,7 +1403,7 @@ }, "DeploymentMode": { "type": "string", - "documentation": "The deployment mode of the broker.", + "documentation": "The broker's deployment mode.
", "enum": [ "SINGLE_INSTANCE", "ACTIVE_STANDBY_MULTI_AZ", @@ -1379,19 +1417,19 @@ "shape": "__string", "location": "querystring", "locationName": "engineType", - "documentation": "Filter response by engine type." + "documentation": "Filter response by engine type.
" }, "MaxResults": { "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of engine types that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -1401,17 +1439,17 @@ "BrokerEngineTypes": { "shape": "__listOfBrokerEngineType", "locationName": "brokerEngineTypes", - "documentation": "List of available engine types and versions." + "documentation": "List of available engine types and versions.
" }, "MaxResults": { "shape": "__integerMin5Max100", "locationName": "maxResults", - "documentation": "Required. The maximum number of engine types that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "Required. The maximum number of engine types that can be returned per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -1422,31 +1460,31 @@ "shape": "__string", "location": "querystring", "locationName": "engineType", - "documentation": "Filter response by engine type." + "documentation": "Filter response by engine type.
" }, "HostInstanceType": { "shape": "__string", "location": "querystring", "locationName": "hostInstanceType", - "documentation": "Filter response by host instance type." + "documentation": "Filter response by host instance type.
" }, "MaxResults": { "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of instance options that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" }, "StorageType": { "shape": "__string", "location": "querystring", "locationName": "storageType", - "documentation": "Filter response by storage type." + "documentation": "Filter response by storage type.
" } } }, @@ -1456,17 +1494,17 @@ "BrokerInstanceOptions": { "shape": "__listOfBrokerInstanceOption", "locationName": "brokerInstanceOptions", - "documentation": "List of available broker instance options." + "documentation": "List of available broker instance options.
" }, "MaxResults": { "shape": "__integerMin5Max100", "locationName": "maxResults", - "documentation": "Required. The maximum number of instance options that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "Required. The maximum number of instance options that can be returned per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -1477,7 +1515,7 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" } }, "required": [ @@ -1490,142 +1528,142 @@ "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy used to secure the broker." + "documentation": "The authentication strategy used to secure the broker. The default is SIMPLE.
" }, "AutoMinorVersionUpgrade": { "shape": "__boolean", "locationName": "autoMinorVersionUpgrade", - "documentation": "Required. Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot." + "documentation": "Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.
" }, "BrokerArn": { "shape": "__string", "locationName": "brokerArn", - "documentation": "The Amazon Resource Name (ARN) of the broker." + "documentation": "The broker's Amazon Resource Name (ARN).
" }, "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "BrokerInstances": { "shape": "__listOfBrokerInstance", "locationName": "brokerInstances", - "documentation": "A list of information about allocated brokers." + "documentation": "A list of information about allocated brokers.
" }, "BrokerName": { "shape": "__string", "locationName": "brokerName", - "documentation": "The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters." + "documentation": "The broker's name. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.
" }, "BrokerState": { "shape": "BrokerState", "locationName": "brokerState", - "documentation": "The status of the broker." + "documentation": "The broker's status.
" }, "Configurations": { "shape": "Configurations", "locationName": "configurations", - "documentation": "The list of all revisions for the specified configuration." + "documentation": "The list of all revisions for the specified configuration.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "The time when the broker was created." + "documentation": "The time when the broker was created.
" }, "DeploymentMode": { "shape": "DeploymentMode", "locationName": "deploymentMode", - "documentation": "Required. The deployment mode of the broker." + "documentation": "The broker's deployment mode.
" }, "EncryptionOptions": { "shape": "EncryptionOptions", "locationName": "encryptionOptions", - "documentation": "Encryption options for the broker." + "documentation": "Encryption options for the broker. Does not apply to RabbitMQ brokers.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "documentation": "The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "The broker engine's version. For a list of supported engine versions, see Supported engines.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "The broker's instance type." + "documentation": "The broker's instance type.
" }, "LdapServerMetadata": { "shape": "LdapServerMetadataOutput", "locationName": "ldapServerMetadata", - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker.
" }, "Logs": { "shape": "LogsSummary", "locationName": "logs", - "documentation": "The list of information about logs currently enabled and pending to be deployed for the specified broker." + "documentation": "The list of information about logs currently enabled and pending to be deployed for the specified broker.
" }, "MaintenanceWindowStartTime": { "shape": "WeeklyStartTime", "locationName": "maintenanceWindowStartTime", - "documentation": "The parameters that determine the WeeklyStartTime." + "documentation": "The parameters that determine the WeeklyStartTime.
" }, "PendingAuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "pendingAuthenticationStrategy", - "documentation": "The authentication strategy that will be applied when the broker is rebooted." + "documentation": "The authentication strategy that will be applied when the broker is rebooted. The default is SIMPLE.
" }, "PendingEngineVersion": { "shape": "__string", "locationName": "pendingEngineVersion", - "documentation": "The version of the broker engine to upgrade to. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "The broker engine version to upgrade to. For a list of supported engine versions, see Supported engines.
" }, "PendingHostInstanceType": { "shape": "__string", "locationName": "pendingHostInstanceType", - "documentation": "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types" + "documentation": "The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.
" }, "PendingLdapServerMetadata": { "shape": "LdapServerMetadataOutput", "locationName": "pendingLdapServerMetadata", - "documentation": "The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker once it is rebooted." + "documentation": "The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker after it is rebooted.
" }, "PendingSecurityGroups": { "shape": "__listOf__string", "locationName": "pendingSecurityGroups", - "documentation": "The list of pending security groups to authorize connections to brokers." + "documentation": "The list of pending security groups to authorize connections to brokers.
" }, "PubliclyAccessible": { "shape": "__boolean", "locationName": "publiclyAccessible", - "documentation": "Required. Enables connections from applications outside of the VPC that hosts the broker's subnets." + "documentation": "Enables connections from applications outside of the VPC that hosts the broker's subnets.
" }, "SecurityGroups": { "shape": "__listOf__string", "locationName": "securityGroups", - "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers." + "documentation": "The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.
" }, "StorageType": { "shape": "BrokerStorageType", "locationName": "storageType", - "documentation": "The broker's storage type." + "documentation": "The broker's storage type.
" }, "SubnetIds": { "shape": "__listOf__string", "locationName": "subnetIds", - "documentation": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet." + "documentation": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones.
" }, "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "The list of all tags associated with this broker." + "documentation": "The list of all tags associated with this broker.
" }, "Users": { "shape": "__listOfUserSummary", "locationName": "users", - "documentation": "The list of all broker usernames for the specified broker." + "documentation": "The list of all broker usernames for the specified broker.
" } } }, @@ -1636,7 +1674,7 @@ "shape": "__string", "location": "uri", "locationName": "configuration-id", - "documentation": "The unique ID that Amazon MQ generates for the configuration." + "documentation": "The unique ID that Amazon MQ generates for the configuration.
" } }, "required": [ @@ -1649,52 +1687,52 @@ "Arn": { "shape": "__string", "locationName": "arn", - "documentation": "Required. The ARN of the configuration." + "documentation": "Required. The ARN of the configuration.
" }, "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy associated with the configuration." + "documentation": "Optional. The authentication strategy associated with the configuration. The default is SIMPLE.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "Required. The date and time of the configuration revision." + "documentation": "Required. The date and time of the configuration revision.
" }, "Description": { "shape": "__string", "locationName": "description", - "documentation": "Required. The description of the configuration." + "documentation": "Required. The description of the configuration.
" }, "EngineType": { "shape": "EngineType", "locationName": "engineType", - "documentation": "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "documentation": "Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "Required. The broker engine's version. For a list of supported engine versions, see, Supported engines.
" }, "Id": { "shape": "__string", "locationName": "id", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "LatestRevision": { "shape": "ConfigurationRevision", "locationName": "latestRevision", - "documentation": "Required. The latest revision of the configuration." + "documentation": "Required. The latest revision of the configuration.
" }, "Name": { "shape": "__string", "locationName": "name", - "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long." + "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.
" }, "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "The list of all tags associated with this configuration." + "documentation": "The list of all tags associated with this configuration.
" } } }, @@ -1705,13 +1743,13 @@ "shape": "__string", "location": "uri", "locationName": "configuration-id", - "documentation": "The unique ID that Amazon MQ generates for the configuration." + "documentation": "The unique ID that Amazon MQ generates for the configuration.
" }, "ConfigurationRevision": { "shape": "__string", "location": "uri", "locationName": "configuration-revision", - "documentation": "The revision of the configuration." + "documentation": "The revision of the configuration.
" } }, "required": [ @@ -1725,22 +1763,22 @@ "ConfigurationId": { "shape": "__string", "locationName": "configurationId", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "Required. The date and time of the configuration." + "documentation": "Required. The date and time of the configuration.
" }, "Data": { "shape": "__string", "locationName": "data", - "documentation": "Required. The base64-encoded XML configuration." + "documentation": "Required. The base64-encoded XML configuration.
" }, "Description": { "shape": "__string", "locationName": "description", - "documentation": "The description of the configuration." + "documentation": "The description of the configuration.
" } } }, @@ -1751,13 +1789,13 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "Username": { "shape": "__string", "location": "uri", "locationName": "username", - "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } }, "required": [ @@ -1771,27 +1809,27 @@ "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "Required. The unique ID that Amazon MQ generates for the broker." + "documentation": "Required. The unique ID that Amazon MQ generates for the broker.
" }, "ConsoleAccess": { "shape": "__boolean", "locationName": "consoleAccess", - "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user." + "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user.
" }, "Groups": { "shape": "__listOf__string", "locationName": "groups", - "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" }, "Pending": { "shape": "UserPendingChanges", "locationName": "pending", - "documentation": "The status of the changes pending for the ActiveMQ user." + "documentation": "The status of the changes pending for the ActiveMQ user.
" }, "Username": { "shape": "__string", "locationName": "username", - "documentation": "Required. The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "Required. The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } } }, @@ -1801,22 +1839,22 @@ "KmsKeyId": { "shape": "__string", "locationName": "kmsKeyId", - "documentation": "The symmetric customer master key (CMK) to use for the AWS Key Management Service (KMS). This key is used to encrypt your data at rest. If not provided, Amazon MQ will use a default CMK to encrypt your data." + "documentation": "The customer master key (CMK) to use for the AWS Key Management Service (KMS). This key is used to encrypt your data at rest. If not provided, Amazon MQ will use a default CMK to encrypt your data.
" }, "UseAwsOwnedKey": { "shape": "__boolean", "locationName": "useAwsOwnedKey", - "documentation": "Enables the use of an AWS owned CMK using AWS Key Management Service (KMS)." + "documentation": "Enables the use of an AWS owned CMK using AWS Key Management Service (KMS). Set to true by default, if no value is provided, for example, for RabbitMQ brokers.
" } }, - "documentation": "Encryption options for the broker.", + "documentation": "Does not apply to RabbitMQ brokers.
Encryption options for the broker.
", "required": [ "UseAwsOwnedKey" ] }, "EngineType": { "type": "string", - "documentation": "The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and RabbitMQ.", + "documentation": "The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ.
", "enum": [ "ACTIVEMQ", "RABBITMQ" @@ -1828,10 +1866,10 @@ "Name": { "shape": "__string", "locationName": "name", - "documentation": "Id for the version." + "documentation": "Id for the version.
" } }, - "documentation": "Id of the engine version." + "documentation": "Id of the engine version.
" }, "LdapServerMetadataInput": { "type": "structure", @@ -1839,60 +1877,69 @@ "Hosts": { "shape": "__listOf__string", "locationName": "hosts", - "documentation": "Fully qualified domain name of the LDAP server. Optional failover server." + "documentation": "Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.
" }, "RoleBase": { "shape": "__string", "locationName": "roleBase", - "documentation": "Fully qualified name of the directory to search for a user’s groups." + "documentation": "The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp,\n dc=example, dc=com.
" }, "RoleName": { "shape": "__string", "locationName": "roleName", - "documentation": "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query." + "documentation": "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.
" }, "RoleSearchMatching": { "shape": "__string", "locationName": "roleSearchMatching", - "documentation": "The search criteria for groups." + "documentation": "The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.
" }, "RoleSearchSubtree": { "shape": "__boolean", "locationName": "roleSearchSubtree", - "documentation": "The directory search scope for the role. If set to true, scope is to search the entire sub-tree." + "documentation": "The directory search scope for the role. If set to true, scope is to search the entire subtree.
" }, "ServiceAccountPassword": { "shape": "__string", "locationName": "serviceAccountPassword", - "documentation": "Service account password." + "documentation": "Service account password. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.
" }, "ServiceAccountUsername": { "shape": "__string", "locationName": "serviceAccountUsername", - "documentation": "Service account username." + "documentation": "Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.
" }, "UserBase": { "shape": "__string", "locationName": "userBase", - "documentation": "Fully qualified name of the directory where you want to search for users." + "documentation": "Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp,\n dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.
" }, "UserRoleName": { "shape": "__string", "locationName": "userRoleName", - "documentation": "Specifies the name of the LDAP attribute for the user group membership." + "documentation": "Specifies the name of the LDAP attribute for the user group membership.
" }, "UserSearchMatching": { "shape": "__string", "locationName": "userSearchMatching", - "documentation": "The search criteria for users." + "documentation": "The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example,\n dc=com.
" }, "UserSearchSubtree": { "shape": "__boolean", "locationName": "userSearchSubtree", - "documentation": "The directory search scope for the user. If set to true, scope is to search the entire sub-tree." + "documentation": "The directory search scope for the user. If set to true, scope is to search the entire subtree.
" } }, - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.
Does not apply to RabbitMQ brokers.
Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.
" }, "RoleBase": { "shape": "__string", "locationName": "roleBase", - "documentation": "Fully qualified name of the directory to search for a user’s groups." + "documentation": "The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp,\n dc=example, dc=com.
" }, "RoleName": { "shape": "__string", "locationName": "roleName", - "documentation": "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query." + "documentation": "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.
" }, "RoleSearchMatching": { "shape": "__string", "locationName": "roleSearchMatching", - "documentation": "The search criteria for groups." + "documentation": "The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.
" }, "RoleSearchSubtree": { "shape": "__boolean", "locationName": "roleSearchSubtree", - "documentation": "The directory search scope for the role. If set to true, scope is to search the entire sub-tree." + "documentation": "The directory search scope for the role. If set to true, scope is to search the entire subtree.
" }, "ServiceAccountUsername": { "shape": "__string", "locationName": "serviceAccountUsername", - "documentation": "Service account username." + "documentation": "Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.
" }, "UserBase": { "shape": "__string", "locationName": "userBase", - "documentation": "Fully qualified name of the directory where you want to search for users." + "documentation": "Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp,\n dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.
" }, "UserRoleName": { "shape": "__string", "locationName": "userRoleName", - "documentation": "Specifies the name of the LDAP attribute for the user group membership." + "documentation": "Specifies the name of the LDAP attribute for the user group membership.
" }, "UserSearchMatching": { "shape": "__string", "locationName": "userSearchMatching", - "documentation": "The search criteria for users." + "documentation": "The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example,\n dc=com.
" }, "UserSearchSubtree": { "shape": "__boolean", "locationName": "userSearchSubtree", - "documentation": "The directory search scope for the user. If set to true, scope is to search the entire sub-tree." + "documentation": "The directory search scope for the user. If set to true, scope is to search the entire subtree.
" } }, - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.
", + "required": [ + "Hosts", + "UserSearchMatching", + "UserBase", + "RoleSearchMatching", + "ServiceAccountUsername", + "RoleBase" + ] }, "ListBrokersRequest": { "type": "structure", @@ -1957,13 +2012,13 @@ "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -1973,12 +2028,12 @@ "BrokerSummaries": { "shape": "__listOfBrokerSummary", "locationName": "brokerSummaries", - "documentation": "A list of information about all brokers." + "documentation": "A list of information about all brokers.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -1989,19 +2044,19 @@ "shape": "__string", "location": "uri", "locationName": "configuration-id", - "documentation": "The unique ID that Amazon MQ generates for the configuration." + "documentation": "The unique ID that Amazon MQ generates for the configuration.
" }, "MaxResults": { "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } }, "required": [ @@ -2014,22 +2069,22 @@ "ConfigurationId": { "shape": "__string", "locationName": "configurationId", - "documentation": "The unique ID that Amazon MQ generates for the configuration." + "documentation": "The unique ID that Amazon MQ generates for the configuration.
" }, "MaxResults": { "shape": "__integer", "locationName": "maxResults", - "documentation": "The maximum number of configuration revisions that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of configuration revisions that can be returned per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" }, "Revisions": { "shape": "__listOfConfigurationRevision", "locationName": "revisions", - "documentation": "The list of all revisions for the specified configuration." + "documentation": "The list of all revisions for the specified configuration.
" } } }, @@ -2040,13 +2095,13 @@ "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -2056,17 +2111,17 @@ "Configurations": { "shape": "__listOfConfiguration", "locationName": "configurations", - "documentation": "The list of all revisions for the specified configuration." + "documentation": "The list of all revisions for the specified configuration.
" }, "MaxResults": { "shape": "__integer", "locationName": "maxResults", - "documentation": "The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } } }, @@ -2077,7 +2132,7 @@ "shape": "__string", "location": "uri", "locationName": "resource-arn", - "documentation": "The Amazon Resource Name (ARN) of the resource tag." + "documentation": "The Amazon Resource Name (ARN) of the resource tag.
" } }, "required": [ @@ -2090,7 +2145,7 @@ "Tags": { "shape": "__mapOf__string", "locationName": "tags", - "documentation": "The key-value pair for the resource tag." + "documentation": "The key-value pair for the resource tag.
" } } }, @@ -2101,19 +2156,19 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "MaxResults": { "shape": "MaxResults", "location": "querystring", "locationName": "maxResults", - "documentation": "The maximum number of ActiveMQ users that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "The maximum number of brokers that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "location": "querystring", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" } }, "required": [ @@ -2126,22 +2181,22 @@ "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "Required. The unique ID that Amazon MQ generates for the broker." + "documentation": "Required. The unique ID that Amazon MQ generates for the broker.
" }, "MaxResults": { "shape": "__integerMin5Max100", "locationName": "maxResults", - "documentation": "Required. The maximum number of ActiveMQ users that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "documentation": "Required. The maximum number of ActiveMQ users that can be returned per page (20 by default). This value must be an integer from 5 to 100.
" }, "NextToken": { "shape": "__string", "locationName": "nextToken", - "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty." + "documentation": "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.
" }, "Users": { "shape": "__listOfUserSummary", "locationName": "users", - "documentation": "Required. The list of all ActiveMQ usernames for the specified broker." + "documentation": "Required. The list of all ActiveMQ usernames for the specified broker. Does not apply to RabbitMQ brokers.
" } } }, @@ -2151,15 +2206,15 @@ "Audit": { "shape": "__boolean", "locationName": "audit", - "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Does not apply to RabbitMQ brokers." + "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Does not apply to RabbitMQ brokers.
" }, "General": { "shape": "__boolean", "locationName": "general", - "documentation": "Enables general logging." + "documentation": "Enables general logging.
" } }, - "documentation": "The list of information about logs to be enabled for the specified broker." + "documentation": "The list of information about logs to be enabled for the specified broker.
" }, "LogsSummary": { "type": "structure", @@ -2167,30 +2222,34 @@ "Audit": { "shape": "__boolean", "locationName": "audit", - "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged." + "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.
" }, "AuditLogGroup": { "shape": "__string", "locationName": "auditLogGroup", - "documentation": "The location of the CloudWatch Logs log group where audit logs are sent." + "documentation": "The location of the CloudWatch Logs log group where audit logs are sent.
" }, "General": { "shape": "__boolean", "locationName": "general", - "documentation": "Enables general logging." + "documentation": "Enables general logging.
" }, "GeneralLogGroup": { "shape": "__string", "locationName": "generalLogGroup", - "documentation": "The location of the CloudWatch Logs log group where general logs are sent." + "documentation": "The location of the CloudWatch Logs log group where general logs are sent.
" }, "Pending": { "shape": "PendingLogs", "locationName": "pending", - "documentation": "The list of information about logs pending to be deployed for the specified broker." + "documentation": "The list of information about logs pending to be deployed for the specified broker.
" } }, - "documentation": "The list of information about logs currently enabled and pending to be deployed for the specified broker." + "documentation": "The list of information about logs currently enabled and pending to be deployed for the specified broker.
", + "required": [ + "GeneralLogGroup", + "General" + ] }, "MaxResults": { "type": "integer", @@ -2203,15 +2262,15 @@ "Audit": { "shape": "__boolean", "locationName": "audit", - "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged." + "documentation": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.
" }, "General": { "shape": "__boolean", "locationName": "general", - "documentation": "Enables general logging." + "documentation": "Enables general logging.
" } }, - "documentation": "The list of information about logs to be enabled for the specified broker." + "documentation": "The list of information about logs to be enabled for the specified broker.
" }, "RebootBrokerRequest": { "type": "structure", @@ -2220,7 +2279,7 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" } }, "required": [ @@ -2237,24 +2296,27 @@ "AttributeName": { "shape": "__string", "locationName": "attributeName", - "documentation": "The name of the XML attribute that has been sanitized." + "documentation": "The name of the XML attribute that has been sanitized.
" }, "ElementName": { "shape": "__string", "locationName": "elementName", - "documentation": "The name of the XML element that has been sanitized." + "documentation": "The name of the XML element that has been sanitized.
" }, "Reason": { "shape": "SanitizationWarningReason", "locationName": "reason", - "documentation": "Required. The reason for which the XML elements or attributes were sanitized." + "documentation": "Required. The reason for which the XML elements or attributes were sanitized.
" } }, - "documentation": "Returns information about the XML element or attribute that was sanitized in the configuration." + "documentation": "Returns information about the XML element or attribute that was sanitized in the configuration.
", + "required": [ + "Reason" + ] }, "SanitizationWarningReason": { "type": "string", - "documentation": "The reason for which the XML elements or attributes were sanitized.", + "documentation": "The reason for which the XML elements or attributes were sanitized.
", "enum": [ "DISALLOWED_ELEMENT_REMOVED", "DISALLOWED_ATTRIBUTE_REMOVED", @@ -2267,51 +2329,56 @@ "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy used to secure the broker." + "documentation": "Optional. The authentication strategy used to secure the broker. The default is SIMPLE.
" }, "AutoMinorVersionUpgrade": { "shape": "__boolean", "locationName": "autoMinorVersionUpgrade", - "documentation": "Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot." + "documentation": "Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.
" }, "BrokerId": { "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "Configuration": { "shape": "ConfigurationId", "locationName": "configuration", - "documentation": "A list of information about the configuration." + "documentation": "A list of information about the configuration.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "The broker engine version. For a list of supported engine versions, see Supported engines.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types" + "documentation": "The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.
" }, "LdapServerMetadata": { "shape": "LdapServerMetadataInput", "locationName": "ldapServerMetadata", - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.
" }, "Logs": { "shape": "Logs", "locationName": "logs", - "documentation": "Enables Amazon CloudWatch logging for brokers." + "documentation": "Enables Amazon CloudWatch logging for brokers.
" + }, + "MaintenanceWindowStartTime": { + "shape": "WeeklyStartTime", + "locationName": "maintenanceWindowStartTime", + "documentation": "The parameters that determine the WeeklyStartTime.
" }, "SecurityGroups": { "shape": "__listOf__string", "locationName": "securityGroups", - "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers." + "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.
" } }, - "documentation": "Updates the broker using the specified properties.", + "documentation": "Updates the broker using the specified properties.
", "required": [ "BrokerId" ] @@ -2322,47 +2389,52 @@ "AuthenticationStrategy": { "shape": "AuthenticationStrategy", "locationName": "authenticationStrategy", - "documentation": "The authentication strategy used to secure the broker." + "documentation": "Optional. The authentication strategy used to secure the broker. The default is SIMPLE.
" }, "AutoMinorVersionUpgrade": { "shape": "__boolean", "locationName": "autoMinorVersionUpgrade", - "documentation": "The new value of automatic upgrades to new minor version for brokers." + "documentation": "The new boolean value that specifies whether broker engines automatically upgrade to new minor versions as new versions are released and supported by Amazon MQ.
" }, "BrokerId": { "shape": "__string", "locationName": "brokerId", - "documentation": "Required. The unique ID that Amazon MQ generates for the broker." + "documentation": "Required. The unique ID that Amazon MQ generates for the broker.
" }, "Configuration": { "shape": "ConfigurationId", "locationName": "configuration", - "documentation": "The ID of the updated configuration." + "documentation": "The ID of the updated configuration.
" }, "EngineVersion": { "shape": "__string", "locationName": "engineVersion", - "documentation": "The version of the broker engine to upgrade to. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html" + "documentation": "The broker engine version to upgrade to. For a list of supported engine versions, see Supported engines.
" }, "HostInstanceType": { "shape": "__string", "locationName": "hostInstanceType", - "documentation": "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types" + "documentation": "The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.
" }, "LdapServerMetadata": { "shape": "LdapServerMetadataOutput", "locationName": "ldapServerMetadata", - "documentation": "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "documentation": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.
" }, "Logs": { "shape": "Logs", "locationName": "logs", - "documentation": "The list of information about logs to be enabled for the specified broker." + "documentation": "The list of information about logs to be enabled for the specified broker.
" + }, + "MaintenanceWindowStartTime": { + "shape": "WeeklyStartTime", + "locationName": "maintenanceWindowStartTime", + "documentation": "The parameters that determine the WeeklyStartTime.
" }, "SecurityGroups": { "shape": "__listOf__string", "locationName": "securityGroups", - "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers." + "documentation": "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.
" } } }, @@ -2373,22 +2445,23 @@ "shape": "__string", "location": "uri", "locationName": "configuration-id", - "documentation": "The unique ID that Amazon MQ generates for the configuration." + "documentation": "The unique ID that Amazon MQ generates for the configuration.
" }, "Data": { "shape": "__string", "locationName": "data", - "documentation": "Required. The base64-encoded XML configuration." + "documentation": "Required. The base64-encoded XML configuration.
" }, "Description": { "shape": "__string", "locationName": "description", - "documentation": "The description of the configuration." + "documentation": "The description of the configuration.
" } }, - "documentation": "Updates the specified configuration.", + "documentation": "Updates the specified configuration.
", "required": [ - "ConfigurationId" + "ConfigurationId", + "Data" ] }, "UpdateConfigurationResponse": { @@ -2397,32 +2470,32 @@ "Arn": { "shape": "__string", "locationName": "arn", - "documentation": "Required. The Amazon Resource Name (ARN) of the configuration." + "documentation": "Required. The Amazon Resource Name (ARN) of the configuration.
" }, "Created": { "shape": "__timestampIso8601", "locationName": "created", - "documentation": "Required. The date and time of the configuration." + "documentation": "Required. The date and time of the configuration.
" }, "Id": { "shape": "__string", "locationName": "id", - "documentation": "Required. The unique ID that Amazon MQ generates for the configuration." + "documentation": "Required. The unique ID that Amazon MQ generates for the configuration.
" }, "LatestRevision": { "shape": "ConfigurationRevision", "locationName": "latestRevision", - "documentation": "The latest revision of the configuration." + "documentation": "The latest revision of the configuration.
" }, "Name": { "shape": "__string", "locationName": "name", - "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long." + "documentation": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.
" }, "Warnings": { "shape": "__listOfSanitizationWarning", "locationName": "warnings", - "documentation": "The list of the first 20 warnings about the configuration XML elements or attributes that were sanitized." + "documentation": "The list of the first 20 warnings about the configuration XML elements or attributes that were sanitized.
" } } }, @@ -2433,31 +2506,31 @@ "shape": "__string", "location": "uri", "locationName": "broker-id", - "documentation": "The unique ID that Amazon MQ generates for the broker." + "documentation": "The unique ID that Amazon MQ generates for the broker.
" }, "ConsoleAccess": { "shape": "__boolean", "locationName": "consoleAccess", - "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user." + "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user.
" }, "Groups": { "shape": "__listOf__string", "locationName": "groups", - "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" }, "Password": { "shape": "__string", "locationName": "password", - "documentation": "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas." + "documentation": "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).
" }, "Username": { "shape": "__string", "location": "uri", "locationName": "username", - "documentation": "Required. The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } }, - "documentation": "Updates the information for an ActiveMQ user.", + "documentation": "Updates the information for an ActiveMQ user.
", "required": [ "Username", "BrokerId" @@ -2473,25 +2546,29 @@ "ConsoleAccess": { "shape": "__boolean", "locationName": "consoleAccess", - "documentation": "Enables access to the ActiveMQ Web Console for the ActiveMQ user (Does not apply to RabbitMQ brokers)." + "documentation": "Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not apply to RabbitMQ brokers.
" }, "Groups": { "shape": "__listOf__string", "locationName": "groups", - "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long. Does not apply to RabbitMQ brokers.
" }, "Password": { "shape": "__string", "locationName": "password", - "documentation": "Required. The password of the broker user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas." + "documentation": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).
" }, "Username": { "shape": "__string", "locationName": "username", - "documentation": "Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "important>
For RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using guest as a valid usename. This value must be 2-100 characters long.
A user associated with the broker. For RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.
", + "required": [ + "Username", + "Password" + ] }, "UserPendingChanges": { "type": "structure", @@ -2499,20 +2576,23 @@ "ConsoleAccess": { "shape": "__boolean", "locationName": "consoleAccess", - "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user." + "documentation": "Enables access to the the ActiveMQ Web Console for the ActiveMQ user.
" }, "Groups": { "shape": "__listOf__string", "locationName": "groups", - "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" }, "PendingChange": { "shape": "ChangeType", "locationName": "pendingChange", - "documentation": "Required. The type of change pending for the ActiveMQ user." + "documentation": "Required. The type of change pending for the ActiveMQ user.
" } }, - "documentation": "Returns information about the status of the changes pending for the ActiveMQ user." + "documentation": "Returns information about the status of the changes pending for the ActiveMQ user.
", + "required": [ + "PendingChange" + ] }, "UserSummary": { "type": "structure", @@ -2520,15 +2600,18 @@ "PendingChange": { "shape": "ChangeType", "locationName": "pendingChange", - "documentation": "The type of change pending for the broker user." + "documentation": "The type of change pending for the broker user.
" }, "Username": { "shape": "__string", "locationName": "username", - "documentation": "Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "documentation": "Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.
" } }, - "documentation": "Returns a list of all broker users." + "documentation": "Returns a list of all broker users. Does not apply to RabbitMQ brokers.
", + "required": [ + "Username" + ] }, "WeeklyStartTime": { "type": "structure", @@ -2536,20 +2619,24 @@ "DayOfWeek": { "shape": "DayOfWeek", "locationName": "dayOfWeek", - "documentation": "Required. The day of the week." + "documentation": "Required. The day of the week.
" }, "TimeOfDay": { "shape": "__string", "locationName": "timeOfDay", - "documentation": "Required. The time, in 24-hour format." + "documentation": "Required. The time, in 24-hour format.
" }, "TimeZone": { "shape": "__string", "locationName": "timeZone", - "documentation": "The time zone, UTC by default, in either the Country/City format, or the UTC offset format." + "documentation": "The time zone, UTC by default, in either the Country/City format, or the UTC offset format.
" } }, - "documentation": "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker." + "documentation": "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.
", + "required": [ + "TimeOfDay", + "DayOfWeek" + ] }, "__boolean": { "type": "boolean" @@ -2673,5 +2760,5 @@ } } }, - "documentation": "Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols." + "documentation": "Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols.
" } \ No newline at end of file diff --git a/apis/storagegateway-2013-06-30.min.json b/apis/storagegateway-2013-06-30.min.json index 1e3be467bc..8c64240a5d 100644 --- a/apis/storagegateway-2013-06-30.min.json +++ b/apis/storagegateway-2013-06-30.min.json @@ -171,6 +171,9 @@ "AuditDestinationARN": {}, "CacheAttributes": { "shape": "S11" + }, + "EndpointNetworkConfiguration": { + "shape": "S13" } } }, @@ -292,7 +295,7 @@ "members": { "ClientToken": {}, "NFSFileShareDefaults": { - "shape": "S1m" + "shape": "S1p" }, "GatewayARN": {}, "KMSEncrypted": { @@ -304,7 +307,7 @@ "DefaultStorageClass": {}, "ObjectACL": {}, "ClientList": { - "shape": "S1t" + "shape": "S1w" }, "Squash": {}, "ReadOnly": { @@ -323,7 +326,9 @@ "CacheAttributes": { "shape": "S11" }, - "NotificationPolicy": {} + "NotificationPolicy": {}, + "VPCEndpointDNSName": {}, + "BucketRegion": {} } }, "output": { @@ -369,13 +374,13 @@ "type": "boolean" }, "AdminUserList": { - "shape": "S21" + "shape": "S25" }, "ValidUserList": { - "shape": "S21" + "shape": "S25" }, "InvalidUserList": { - "shape": "S21" + "shape": "S25" }, "AuditDestinationARN": {}, "Authentication": {}, @@ -387,7 +392,12 @@ "CacheAttributes": { "shape": "S11" }, - "NotificationPolicy": {} + "NotificationPolicy": {}, + "VPCEndpointDNSName": {}, + "BucketRegion": {}, + "OplocksEnabled": { + "type": "boolean" + } } }, "output": { @@ -580,7 +590,7 @@ "type": "structure", "members": { "TapeARNs": { - "shape": "S2t" + "shape": "S2x" } } } @@ -830,7 +840,7 @@ "members": { "GatewayARN": {}, "BandwidthRateLimitIntervals": { - "shape": "S3q" + "shape": "S3u" } } } @@ -878,7 +888,7 @@ ], "members": { "VolumeARNs": { - "shape": "S40" + "shape": "S44" } } }, @@ -903,7 +913,7 @@ }, "SourceSnapshotId": {}, "VolumeiSCSIAttributes": { - "shape": "S49" + "shape": "S4d" }, "CreatedDate": { "type": "timestamp" @@ -939,11 +949,11 @@ "members": { "TargetARN": {}, "SecretToAuthenticateInitiator": { - "shape": "S4i" + "shape": "S4m" }, "InitiatorName": {}, "SecretToAuthenticateTarget": { - "shape": "S4i" + "shape": "S4m" } } } @@ -982,6 +992,9 @@ }, "CacheAttributes": { "shape": "S11" + }, + "EndpointNetworkConfiguration": { + "shape": "S13" } } } @@ -1031,7 +1044,12 @@ "HostEnvironment": {}, "EndpointType": {}, "SoftwareUpdatesEndDate": {}, - "DeprecationDate": {} + "DeprecationDate": {}, + "GatewayCapacity": {}, + "SupportedGatewayCapacities": { + "type": "list", + "member": {} + } } } }, @@ -1073,7 +1091,7 @@ ], "members": { "FileShareARNList": { - "shape": "S58" + "shape": "S5e" } } }, @@ -1086,7 +1104,7 @@ "type": "structure", "members": { "NFSFileShareDefaults": { - "shape": "S1m" + "shape": "S1p" }, "FileShareARN": {}, "FileShareId": {}, @@ -1102,7 +1120,7 @@ "DefaultStorageClass": {}, "ObjectACL": {}, "ClientList": { - "shape": "S1t" + "shape": "S1w" }, "Squash": {}, "ReadOnly": { @@ -1121,7 +1139,9 @@ "CacheAttributes": { "shape": "S11" }, - "NotificationPolicy": {} + "NotificationPolicy": {}, + "VPCEndpointDNSName": {}, + "BucketRegion": {} } } } @@ -1136,7 +1156,7 @@ ], "members": { "FileShareARNList": { - "shape": "S58" + "shape": "S5e" } } }, @@ -1177,13 +1197,13 @@ "type": "boolean" }, "AdminUserList": { - "shape": "S21" + "shape": "S25" }, "ValidUserList": { - "shape": "S21" + "shape": "S25" }, "InvalidUserList": { - "shape": "S21" + "shape": "S25" }, "AuditDestinationARN": {}, "Authentication": {}, @@ -1195,7 +1215,12 @@ "CacheAttributes": { "shape": "S11" }, - "NotificationPolicy": {} + "NotificationPolicy": {}, + "VPCEndpointDNSName": {}, + "BucketRegion": {}, + "OplocksEnabled": { + "type": "boolean" + } } } } @@ -1264,7 +1289,7 @@ ], "members": { "VolumeARNs": { - "shape": "S40" + "shape": "S44" } } }, @@ -1293,7 +1318,7 @@ "type": "boolean" }, "VolumeiSCSIAttributes": { - "shape": "S49" + "shape": "S4d" }, "CreatedDate": { "type": "timestamp" @@ -1314,7 +1339,7 @@ "type": "structure", "members": { "TapeARNs": { - "shape": "S2t" + "shape": "S2x" }, "Marker": {}, "Limit": { @@ -1411,7 +1436,7 @@ "members": { "GatewayARN": {}, "TapeARNs": { - "shape": "S2t" + "shape": "S2x" }, "Marker": {}, "Limit": { @@ -1671,7 +1696,7 @@ "type": "structure", "members": { "AutomaticTapeCreationRules": { - "shape": "S77" + "shape": "S7d" }, "GatewayARN": {} } @@ -1880,7 +1905,7 @@ "type": "structure", "members": { "TapeARNs": { - "shape": "S2t" + "shape": "S2x" }, "Marker": {}, "Limit": { @@ -2230,7 +2255,7 @@ ], "members": { "AutomaticTapeCreationRules": { - "shape": "S77" + "shape": "S7d" }, "GatewayARN": {} } @@ -2275,7 +2300,7 @@ "members": { "GatewayARN": {}, "BandwidthRateLimitIntervals": { - "shape": "S3q" + "shape": "S3u" } } }, @@ -2297,11 +2322,11 @@ "members": { "TargetARN": {}, "SecretToAuthenticateInitiator": { - "shape": "S4i" + "shape": "S4m" }, "InitiatorName": {}, "SecretToAuthenticateTarget": { - "shape": "S4i" + "shape": "S4m" } } }, @@ -2348,7 +2373,8 @@ "GatewayARN": {}, "GatewayName": {}, "GatewayTimezone": {}, - "CloudWatchLogGroupARN": {} + "CloudWatchLogGroupARN": {}, + "GatewayCapacity": {} } }, "output": { @@ -2420,12 +2446,12 @@ }, "KMSKey": {}, "NFSFileShareDefaults": { - "shape": "S1m" + "shape": "S1p" }, "DefaultStorageClass": {}, "ObjectACL": {}, "ClientList": { - "shape": "S1t" + "shape": "S1w" }, "Squash": {}, "ReadOnly": { @@ -2481,13 +2507,13 @@ "type": "boolean" }, "AdminUserList": { - "shape": "S21" + "shape": "S25" }, "ValidUserList": { - "shape": "S21" + "shape": "S25" }, "InvalidUserList": { - "shape": "S21" + "shape": "S25" }, "AuditDestinationARN": {}, "CaseSensitivity": {}, @@ -2495,7 +2521,10 @@ "CacheAttributes": { "shape": "S11" }, - "NotificationPolicy": {} + "NotificationPolicy": {}, + "OplocksEnabled": { + "type": "boolean" + } } }, "output": { @@ -2625,7 +2654,16 @@ } } }, - "S1m": { + "S13": { + "type": "structure", + "members": { + "IpAddresses": { + "type": "list", + "member": {} + } + } + }, + "S1p": { "type": "structure", "members": { "FileMode": {}, @@ -2638,19 +2676,19 @@ } } }, - "S1t": { + "S1w": { "type": "list", "member": {} }, - "S21": { + "S25": { "type": "list", "member": {} }, - "S2t": { + "S2x": { "type": "list", "member": {} }, - "S3q": { + "S3u": { "type": "list", "member": { "type": "structure", @@ -2689,11 +2727,11 @@ } } }, - "S40": { + "S44": { "type": "list", "member": {} }, - "S49": { + "S4d": { "type": "structure", "members": { "TargetARN": {}, @@ -2709,15 +2747,15 @@ } } }, - "S4i": { + "S4m": { "type": "string", "sensitive": true }, - "S58": { + "S5e": { "type": "list", "member": {} }, - "S77": { + "S7d": { "type": "list", "member": { "type": "structure", diff --git a/apis/storagegateway-2013-06-30.normal.json b/apis/storagegateway-2013-06-30.normal.json index 2f2ba8972e..5689896bc5 100644 --- a/apis/storagegateway-2013-06-30.normal.json +++ b/apis/storagegateway-2013-06-30.normal.json @@ -32,7 +32,7 @@ "shape": "InternalServerError" } ], - "documentation": "Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the AWS Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account. For more information, see UpdateGatewayInformation.
You must turn on the gateway VM before you can activate your gateway.
Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account. For more information, see UpdateGatewayInformation.
You must turn on the gateway VM before you can activate your gateway.
Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape, and file gateway type (see How AWS Storage Gateway works (architecture).
In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.
" + "documentation": "Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape, and file gateway type (see How Storage Gateway works (architecture).
In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.
" }, "AddTagsToResource": { "name": "AddTagsToResource", @@ -76,7 +76,7 @@ "shape": "InternalServerError" } ], - "documentation": "Adds one or more tags to the specified resource. You use tags to add metadata to resources, which you can use to categorize these resources. For example, you can categorize resources by purpose, owner, environment, or team. Each tag consists of a key and a value, which you define. You can add tags to the following AWS Storage Gateway resources:
Storage gateways of all types
Storage volumes
Virtual tapes
NFS and SMB file shares
You can create a maximum of 50 tags for each resource. Virtual tapes and storage volumes that are recovered to a new gateway maintain their tags.
" + "documentation": "Adds one or more tags to the specified resource. You use tags to add metadata to resources, which you can use to categorize these resources. For example, you can categorize resources by purpose, owner, environment, or team. Each tag consists of a key and a value, which you define. You can add tags to the following Storage Gateway resources:
Storage gateways of all types
Storage volumes
Virtual tapes
NFS and SMB file shares
File System associations
You can create a maximum of 50 tags for each resource. Virtual tapes and storage volumes that are recovered to a new gateway maintain their tags.
" }, "AddUploadBuffer": { "name": "AddUploadBuffer", @@ -164,7 +164,7 @@ "shape": "InternalServerError" } ], - "documentation": "Associate an Amazon FSx file system with the Amazon FSx file gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the Amazon FSx file gateway type.
" + "documentation": "Associate an Amazon FSx file system with the FSx File Gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the FSx File Gateway type.
" }, "AttachVolume": { "name": "AttachVolume", @@ -274,7 +274,7 @@ "shape": "InternalServerError" } ], - "documentation": "Creates a Network File System (NFS) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for file gateways.
File gateway requires AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in the AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.
File gateway does not support creating hard or symbolic links on a file share.
Creates a Network File System (NFS) file share on an existing S3 File Gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for S3 File Gateways.
S3 File gateway requires Security Token Service (STS) to be activated to enable you to create a file share. Make sure STS is activated in the Region you are creating your S3 File Gateway in. If STS is not activated in the Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.
S3 File Gateways do not support creating hard or symbolic links on a file share.
Creates a Server Message Block (SMB) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an SMB interface. This operation is only supported for file gateways.
File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.
File gateways don't support creating hard or symbolic links on a file share.
Creates a Server Message Block (SMB) file share on an existing S3 File Gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an SMB interface. This operation is only supported for S3 File Gateways.
S3 File Gateways require Security Token Service (STS) to be activated to enable you to create a file share. Make sure that STS is activated in the Region you are creating your S3 File Gateway in. If STS is not activated in this Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.
File gateways don't support creating hard or symbolic links on a file share.
Initiates a snapshot of a volume.
AWS Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, and also import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take an ad hoc snapshot. For more information, see Editing a snapshot schedule.
In the CreateSnapshot request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When AWS Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the AWS Storage Gateway console. In response, AWS Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.
To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.
Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the Welcome page.
Initiates a snapshot of a volume.
Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, and also import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take an ad hoc snapshot. For more information, see Editing a snapshot schedule.
In the CreateSnapshot request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the Storage Gateway console. In response, Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.
To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.
Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the Welcome page.
Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.
A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use ListVolumeRecoveryPoints.
In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the AWS Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.
To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.
Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.
A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use ListVolumeRecoveryPoints.
In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.
To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.
Deletes a file share from a file gateway. This operation is only supported for file gateways.
" + "documentation": "Deletes a file share from an S3 File Gateway. This operation is only supported for S3 File Gateways.
" }, "DeleteGateway": { "name": "DeleteGateway", @@ -544,7 +544,7 @@ "shape": "InternalServerError" } ], - "documentation": "Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.
After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.
You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription. If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the AWS Storage Gateway detail page.
Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.
After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.
You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription. If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the Storage Gateway detail page.
Returns a description of the gateway volumes specified in the request. This operation is only supported in the cached volume gateway types.
The list of gateway volumes in the request must be from one gateway. In the response, AWS Storage Gateway returns volume information sorted by volume Amazon Resource Name (ARN).
" + "documentation": "Returns a description of the gateway volumes specified in the request. This operation is only supported in the cached volume gateway types.
The list of gateway volumes in the request must be from one gateway. In the response, Storage Gateway returns volume information sorted by volume Amazon Resource Name (ARN).
" }, "DescribeChapCredentials": { "name": "DescribeChapCredentials", @@ -808,7 +808,7 @@ "shape": "InternalServerError" } ], - "documentation": "Gets the file system association information. This operation is only supported for Amazon FSx file gateways.
" + "documentation": "Gets the file system association information. This operation is only supported for FSx File Gateways.
" }, "DescribeGatewayInformation": { "name": "DescribeGatewayInformation", @@ -874,7 +874,7 @@ "shape": "InternalServerError" } ], - "documentation": "Gets a description for one or more Network File System (NFS) file shares from a file gateway. This operation is only supported for file gateways.
" + "documentation": "Gets a description for one or more Network File System (NFS) file shares from an S3 File Gateway. This operation is only supported for S3 File Gateways.
" }, "DescribeSMBFileShares": { "name": "DescribeSMBFileShares", @@ -896,7 +896,7 @@ "shape": "InternalServerError" } ], - "documentation": "Gets a description for one or more Server Message Block (SMB) file shares from a file gateway. This operation is only supported for file gateways.
" + "documentation": "Gets a description for one or more Server Message Block (SMB) file shares from a S3 File Gateway. This operation is only supported for S3 File Gateways.
" }, "DescribeSMBSettings": { "name": "DescribeSMBSettings", @@ -962,7 +962,7 @@ "shape": "InternalServerError" } ], - "documentation": "Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response, AWS Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.
" + "documentation": "Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response, Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.
" }, "DescribeTapeArchives": { "name": "DescribeTapeArchives", @@ -984,7 +984,7 @@ "shape": "InternalServerError" } ], - "documentation": "Returns a description of specified virtual tapes in the virtual tape shelf (VTS). This operation is only supported in the tape gateway type.
If a specific TapeARN is not specified, AWS Storage Gateway returns a description of all virtual tapes found in the VTS associated with your account.
Returns a description of specified virtual tapes in the virtual tape shelf (VTS). This operation is only supported in the tape gateway type.
If a specific TapeARN is not specified, Storage Gateway returns a description of all virtual tapes found in the VTS associated with your account.
Returns a description of virtual tape library (VTL) devices for the specified tape gateway. In the response, AWS Storage Gateway returns VTL device information.
This operation is only supported in the tape gateway type.
" + "documentation": "Returns a description of virtual tape library (VTL) devices for the specified tape gateway. In the response, Storage Gateway returns VTL device information.
This operation is only supported in the tape gateway type.
" }, "DescribeWorkingStorage": { "name": "DescribeWorkingStorage", @@ -1160,7 +1160,7 @@ "shape": "InternalServerError" } ], - "documentation": "Disassociates an Amazon FSx file system from the specified gateway. After the disassociation process finishes, the gateway can no longer access the Amazon FSx file system. This operation is only supported in the Amazon FSx file gateway type.
" + "documentation": "Disassociates an Amazon FSx file system from the specified gateway. After the disassociation process finishes, the gateway can no longer access the Amazon FSx file system. This operation is only supported in the FSx File Gateway type.
" }, "JoinDomain": { "name": "JoinDomain", @@ -1226,7 +1226,7 @@ "shape": "InternalServerError" } ], - "documentation": "Gets a list of the file shares for a specific file gateway, or the list of file shares that belong to the calling user account. This operation is only supported for file gateways.
" + "documentation": "Gets a list of the file shares for a specific S3 File Gateway, or the list of file shares that belong to the calling user account. This operation is only supported for S3 File Gateways.
" }, "ListFileSystemAssociations": { "name": "ListFileSystemAssociations", @@ -1248,7 +1248,7 @@ "shape": "InternalServerError" } ], - "documentation": "Gets a list of FileSystemAssociationSummary objects. Each object contains a summary of a file system association. This operation is only supported for Amazon FSx file gateways.
Gets a list of FileSystemAssociationSummary objects. Each object contains a summary of a file system association. This operation is only supported for FSx File Gateways.
Lists gateways owned by an AWS account in an AWS Region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN).
By default, the operation returns a maximum of 100 gateways. This operation supports pagination that allows you to optionally reduce the number of gateways returned in a response.
If you have more gateways than are returned in a response (that is, the response returns only a truncated list of your gateways), the response contains a marker that you can specify in your next request to fetch the next page of gateways.
" + "documentation": "Lists gateways owned by an account in an Region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN).
By default, the operation returns a maximum of 100 gateways. This operation supports pagination that allows you to optionally reduce the number of gateways returned in a response.
If you have more gateways than are returned in a response (that is, the response returns only a truncated list of your gateways), the response contains a marker that you can specify in your next request to fetch the next page of gateways.
" }, "ListLocalDisks": { "name": "ListLocalDisks", @@ -1446,7 +1446,7 @@ "shape": "InternalServerError" } ], - "documentation": "Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.
AWS Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or AWS Lambda function. This operation is only supported for file gateways.
For more information, see Getting file upload notification in the AWS Storage Gateway User Guide.
" + "documentation": "Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.
Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or Lambda function. This operation is only supported for S3 File Gateways.
For more information, see Getting file upload notification in the Storage Gateway User Guide.
" }, "RefreshCache": { "name": "RefreshCache", @@ -1468,7 +1468,7 @@ "shape": "InternalServerError" } ], - "documentation": "Refreshes the cached inventory of objects for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed, or replaced since the gateway last listed the bucket's contents and cached the results. This operation does not import files into the file gateway cache storage. It only updates the cached inventory to reflect changes in the inventory of the objects in the S3 bucket. This operation is only supported in the file gateway type. You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.
When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through a CloudWatch event when your RefreshCache operation completes.
Throttle limit: This API is asynchronous, so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.
If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an InvalidGatewayRequestException error because too many requests were sent to the server.
For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.
" + "documentation": "Refreshes the cached inventory of objects for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed, or replaced since the gateway last listed the bucket's contents and cached the results. This operation does not import files into the S3 File Gateway cache storage. It only updates the cached inventory to reflect changes in the inventory of the objects in the S3 bucket. This operation is only supported in the S3 File Gateway types.
You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see Getting notified about file operations in the Storage Gateway User Guide. This operation is Only supported for S3 File Gateways.
When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through a CloudWatch event when your RefreshCache operation completes.
Throttle limit: This API is asynchronous, so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see Getting notified about file operations in the Storage Gateway User Guide.
If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an InvalidGatewayRequestException error because too many requests were sent to the server.
For more information, see Getting notified about file operations in the Storage Gateway User Guide.
" }, "RemoveTagsFromResource": { "name": "RemoveTagsFromResource", @@ -1600,7 +1600,7 @@ "shape": "InternalServerError" } ], - "documentation": "Sets the password for the guest user smbguest. The smbguest user is the user when the authentication method for the file share is set to GuestAccess.
Sets the password for the guest user smbguest. The smbguest user is the user when the authentication method for the file share is set to GuestAccess. This operation only supported for S3 File Gateways
Updates a file system association. This operation is only supported in the Amazon FSx file gateway type.
" + "documentation": "Updates a file system association. This operation is only supported in the FSx File Gateways.
" }, "UpdateGatewayInformation": { "name": "UpdateGatewayInformation", @@ -1864,7 +1864,7 @@ "shape": "InternalServerError" } ], - "documentation": "Updates a Network File System (NFS) file share. This operation is only supported in the file gateway type.
To leave a file share field unchanged, set the corresponding input field to null.
Updates the following file share settings:
Default storage class for your S3 bucket
Metadata defaults for your S3 bucket
Allowed NFS clients for your file share
Squash settings
Write status of your file share
Updates a Network File System (NFS) file share. This operation is only supported in S3 File Gateways.
To leave a file share field unchanged, set the corresponding input field to null.
Updates the following file share settings:
Default storage class for your S3 bucket
Metadata defaults for your S3 bucket
Allowed NFS clients for your file share
Squash settings
Write status of your file share
Updates a Server Message Block (SMB) file share. This operation is only supported for file gateways.
To leave a file share field unchanged, set the corresponding input field to null.
File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.
File gateways don't support creating hard or symbolic links on a file share.
Updates a Server Message Block (SMB) file share. This operation is only supported for S3 File Gateways.
To leave a file share field unchanged, set the corresponding input field to null.
File gateways require Security Token Service (STS) to be activated to enable you to create a file share. Make sure that STS is activated in the Region you are creating your file gateway in. If STS is not activated in this Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.
File gateways don't support creating hard or symbolic links on a file share.
Controls whether the shares on a gateway are visible in a net view or browse list.
" + "documentation": "Controls whether the shares on an S3 File Gateway are visible in a net view or browse list. The operation is only supported for S3 File Gateways.
" }, "UpdateSMBSecurityStrategy": { "name": "UpdateSMBSecurityStrategy", @@ -1989,7 +1989,7 @@ "members": { "ActivationKey": { "shape": "ActivationKey", - "documentation": "Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter activationKey. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the ActivateGateway API call determine the actual configuration of your gateway.
For more information, see Getting activation key in the AWS Storage Gateway User Guide.
" + "documentation": "Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter activationKey. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the ActivateGateway API call determine the actual configuration of your gateway.
For more information, see Getting activation key in the Storage Gateway User Guide.
" }, "GatewayName": { "shape": "GatewayName", @@ -2001,11 +2001,11 @@ }, "GatewayRegion": { "shape": "RegionId", - "documentation": "A value that indicates the AWS Region where you want to store your data. The gateway AWS Region specified must be the same AWS Region as the AWS Region in your Host header in the request. For more information about available AWS Regions and endpoints for AWS Storage Gateway, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.
Valid Values: See AWS Storage Gateway endpoints and quotas in the AWS General Reference.
" + "documentation": "A value that indicates the Region where you want to store your data. The gateway Region specified must be the same Region as the Region in your Host header in the request. For more information about available Regions and endpoints for Storage Gateway, see Storage Gateway endpoints and quotas in the Amazon Web Services General Reference.
Valid Values: See Storage Gateway endpoints and quotas in the Amazon Web Services General Reference.
" }, "GatewayType": { "shape": "GatewayType", - "documentation": "A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is CACHED.
Valid Values: STORED | CACHED | VTL | FILE_S3
A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is CACHED.
Valid Values: STORED | CACHED | VTL | FILE_S3 | FILE_FSX_SMB|
AWS Storage Gateway returns the Amazon Resource Name (ARN) of the activated gateway. It is a string made of information such as your account, gateway name, and AWS Region. This ARN is used to reference the gateway in other API operations as well as resource-based authorization.
For gateways activated prior to September 02, 2015, the gateway ARN contains the gateway name rather than the gateway ID. Changing the name of the gateway has no effect on the gateway ARN.
Storage Gateway returns the Amazon Resource Name (ARN) of the activated gateway. It is a string made of information such as your account, gateway name, and Region. This ARN is used to reference the gateway in other API operations as well as resource-based authorization.
For gateways activated prior to September 02, 2015, the gateway ARN contains the gateway name rather than the gateway ID. Changing the name of the gateway has no effect on the gateway ARN.
A unique string value that you supply that is used by the file gateway to ensure idempotent file system association creation.
" + "documentation": "A unique string value that you supply that is used by the FSx File Gateway to ensure idempotent file system association creation.
" }, "GatewayARN": { "shape": "GatewayARN" }, "LocationARN": { "shape": "FileSystemLocationARN", - "documentation": "The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the Amazon FSx file gateway.
" + "documentation": "The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.
" }, "Tags": { "shape": "Tags", @@ -2219,6 +2219,10 @@ }, "CacheAttributes": { "shape": "CacheAttributes" + }, + "EndpointNetworkConfiguration": { + "shape": "EndpointNetworkConfiguration", + "documentation": "Specifies the network configuration information for the gateway associated with the Amazon FSx file system.
If multiple file systems are associated with this gateway, this parameter's IpAddresses field is required.
Refreshes a file share's cache by using Time To Live (TTL). TTL is the length of time since the last refresh after which access to the directory would cause the file gateway to first refresh that directory's contents from the Amazon S3 bucket or Amazon FSx file system. The TTL duration is in seconds.
Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days)
" + "documentation": "Refreshes a file share's cache by using Time To Live (TTL). TTL is the length of time since the last refresh after which access to the directory would cause the file gateway to first refresh that directory's contents from the Amazon S3 bucket or Amazon FSx file system. The TTL duration is in seconds.
Valid Values:0, 300 to 2,592,000 seconds (5 minutes to 30 days)
" } }, - "documentation": "The refresh cache information for the file share.
" + "documentation": "The refresh cache information for the file share or FSx file systems.
" }, "CacheStaleTimeoutInSeconds": { "type": "integer" @@ -2637,7 +2641,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
A unique string value that you supply that is used by file gateway to ensure idempotent file share creation.
" + "documentation": "A unique string value that you supply that is used by S3 File Gateway to ensure idempotent file share creation.
" }, "NFSFileShareDefaults": { "shape": "NFSFileShareDefaults", @@ -2681,11 +2685,11 @@ }, "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the file gateway on which you want to create a file share.
" + "documentation": "The Amazon Resource Name (ARN) of the S3 File Gateway on which you want to create a file share.
" }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.
" + "documentation": "The ARN of the Identity and Access Management (IAM) role that an S3 File Gateway assumes when it accesses the underlying storage.
" }, "LocationARN": { "shape": "LocationARN", - "documentation": "The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".
" + "documentation": "The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".
You can specify a bucket attached to an access point using a complete ARN that includes the bucket region as shown:
arn:aws:s3:region:account-id:accesspoint/access-point-name
If you specify a bucket attached to an access point, the bucket policy must be configured to delegate access control to the access point. For information, see Delegating access control to access points in the Amazon S3 User Guide.
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.
The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.
" + "documentation": "The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.
" }, "Squash": { "shape": "Squash", @@ -2742,6 +2746,14 @@ "NotificationPolicy": { "shape": "NotificationPolicy", "documentation": "The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Specifies the DNS name for the VPC endpoint that the NFS file share uses to connect to Amazon S3.
This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies the Region of the S3 bucket where the NFS file share stores files.
This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
CreateNFSFileShareInput
" @@ -2767,15 +2779,15 @@ "members": { "ClientToken": { "shape": "ClientToken", - "documentation": "A unique string value that you supply that is used by file gateway to ensure idempotent file share creation.
" + "documentation": "A unique string value that you supply that is used by S3 File Gateway to ensure idempotent file share creation.
" }, "GatewayARN": { "shape": "GatewayARN", - "documentation": "The ARN of the file gateway on which you want to create a file share.
" + "documentation": "The ARN of the S3 File Gateway on which you want to create a file share.
" }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.
" + "documentation": "The ARN of the Identity and Access Management (IAM) role that an S3 File Gateway assumes when it accesses the underlying storage.
" }, "LocationARN": { "shape": "LocationARN", - "documentation": "The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".
" + "documentation": "The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".
You can specify a bucket attached to an access point using a complete ARN that includes the bucket region as shown:
arn:aws:s3:region:account-id:accesspoint/access-point-name
If you specify a bucket attached to an access point, the bucket policy must be configured to delegate access control to the access point. For information, see Delegating access control to access points in the Amazon S3 User Guide.
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.
Valid Values: true | false
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
Valid Values: true | false
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Specifies the DNS name for the VPC endpoint that the SMB file share uses to connect to Amazon S3.
This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies the Region of the S3 bucket where the SMB file share stores files.
This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies whether opportunistic locking is enabled for the SMB file share.
Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.
Valid Values: true | false
CreateSMBFileShareInput
" @@ -2883,7 +2907,7 @@ }, "SnapshotDescription": { "shape": "SnapshotDescription", - "documentation": "Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the AWS Storage Gateway snapshot Details pane, Description field.
" + "documentation": "Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the Storage Gateway snapshot Details pane, Description field.
" }, "Tags": { "shape": "Tags", @@ -2921,7 +2945,7 @@ }, "SnapshotDescription": { "shape": "SnapshotDescription", - "documentation": "Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the AWS Storage Gateway snapshot Details pane, Description field.
" + "documentation": "Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the Storage Gateway snapshot Details pane, Description field.
" }, "Tags": { "shape": "Tags", @@ -2979,7 +3003,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account.
" + "documentation": "Tape retention lock can be configured in two modes. When configured in governance mode, accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root account.
" }, "RetentionLockTimeInDays": { "shape": "RetentionLockTimeInDays", @@ -3044,7 +3068,7 @@ "members": { "PoolARN": { "shape": "PoolARN", - "documentation": "The unique Amazon Resource Name (ARN) that represents the custom tape pool. Use the ListTapePools operation to return a list of tape pools for your account and AWS Region.
" + "documentation": "The unique Amazon Resource Name (ARN) that represents the custom tape pool. Use the ListTapePools operation to return a list of tape pools for your account and Region.
" } } }, @@ -3058,7 +3082,7 @@ "members": { "GatewayARN": { "shape": "GatewayARN", - "documentation": "The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tape with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
" + "documentation": "The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tape with. Use the ListGateways operation to return a list of gateways for your account and Region.
" }, "TapeSizeInBytes": { "shape": "TapeSize", @@ -3070,7 +3094,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tapes with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
" + "documentation": "The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tapes with. Use the ListGateways operation to return a list of gateways for your account and Region.
" }, "TapeSizeInBytes": { "shape": "TapeSize", @@ -3133,7 +3157,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
If this value is set to true, the operation deletes a file share immediately and aborts all data uploads to AWS. Otherwise, the file share is not deleted until all data is uploaded to AWS. This process aborts the data upload process, and the file share enters the FORCE_DELETING status.
Valid Values: true | false
If this value is set to true, the operation deletes a file share immediately and aborts all data uploads to Amazon Web Services. Otherwise, the file share is not deleted until all data is uploaded to Amazon Web Services. This process aborts the data upload process, and the file share enters the FORCE_DELETING status.
Valid Values: true | false
DeleteFileShareInput
" @@ -3367,7 +3397,7 @@ "members": { "GatewayARN": { "shape": "GatewayARN", - "documentation": "The unique Amazon Resource Name (ARN) of the gateway that the virtual tape to delete is associated with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
" + "documentation": "The unique Amazon Resource Name (ARN) of the gateway that the virtual tape to delete is associated with. Use the ListGateways operation to return a list of gateways for your account and Region.
" }, "TapeARN": { "shape": "TapeARN", @@ -3549,7 +3579,7 @@ }, "CacheDirtyPercentage": { "shape": "double", - "documentation": "The file share's contribution to the overall percentage of the gateway's cache that has not been persisted to AWS. The sample is taken at the end of the reporting period.
" + "documentation": "The file share's contribution to the overall percentage of the gateway's cache that has not been persisted to Amazon Web Services. The sample is taken at the end of the reporting period.
" }, "CacheHitPercentage": { "shape": "double", @@ -3683,7 +3713,7 @@ }, "Ec2InstanceRegion": { "shape": "Ec2InstanceRegion", - "documentation": "The AWS Region where the Amazon EC2 instance is located.
" + "documentation": "The Region where the Amazon EC2 instance is located.
" }, "Tags": { "shape": "Tags", @@ -3712,6 +3742,14 @@ "DeprecationDate": { "shape": "DeprecationDate", "documentation": "Date after which this gateway will not receive software updates for new features and bug fixes.
" + }, + "GatewayCapacity": { + "shape": "GatewayCapacity", + "documentation": "Specifies the size of the gateway's metadata cache.
" + }, + "SupportedGatewayCapacities": { + "shape": "SupportedGatewayCapacities", + "documentation": "A list of the metadata cache sizes that the gateway can support based on its current hardware specifications.
" } }, "documentation": "A JSON object containing the following fields:
" @@ -3830,15 +3868,15 @@ }, "SMBGuestPasswordSet": { "shape": "Boolean", - "documentation": "This value is true if a password for the guest user smbguest is set, otherwise false.
Valid Values: true | false
This value is true if a password for the guest user smbguest is set, otherwise false. Only supported for S3 File Gateways.
Valid Values: true | false
The type of security strategy that was specified for file gateway.
ClientSpecified: If you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.
MandatorySigning: If you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.
MandatoryEncryption: If you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.
The type of security strategy that was specified for file gateway.
ClientSpecified: If you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment. Only supported for S3 File Gateways.
MandatorySigning: If you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.
MandatoryEncryption: If you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.
The shares on this gateway appear when listing shares.
" + "documentation": "The shares on this gateway appear when listing shares. Only supported for S3 File Gateways.
" } } }, @@ -4325,6 +4363,16 @@ "Ec2InstanceRegion": { "type": "string" }, + "EndpointNetworkConfiguration": { + "type": "structure", + "members": { + "IpAddresses": { + "shape": "IpAddressList", + "documentation": "A list of gateway IP addresses on which the associated Amazon FSx file system is available.
If multiple file systems are associated with this gateway, this field is required.
Specifies network configuration information for the gateway associated with the Amazon FSx file system.
" + }, "EndpointType": { "type": "string", "max": 8, @@ -4349,7 +4397,7 @@ "member": { "shape": "IPV4AddressCIDR" }, - "documentation": "The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.
", + "documentation": "The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.
", "max": 100, "min": 1 }, @@ -4378,7 +4426,7 @@ "shape": "GatewayARN" } }, - "documentation": "Describes a file share.
" + "documentation": "Describes a file share. Only supported S3 File Gateway.
" }, "FileShareInfoList": { "type": "list", @@ -4436,7 +4484,7 @@ }, "FileSystemAssociationStatus": { "shape": "FileSystemAssociationStatus", - "documentation": "The status of the file system association. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE
The status of the file system association. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | UPDATING | ERROR
Specifies network configuration information for the gateway associated with the Amazon FSx file system.
If multiple file systems are associated with this gateway, this parameter's IpAddresses field is required.
Describes the object returned by DescribeFileSystemAssociations that describes a created file system association.
The status of the file share. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE
The status of the file share. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | UPDATING | ERROR
The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
", + "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.
", "max": 500, "min": 50 }, + "GatewayCapacity": { + "type": "string", + "enum": [ + "Small", + "Medium", + "Large" + ] + }, "GatewayId": { "type": "string", "max": 30, @@ -4531,7 +4591,7 @@ }, "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
" + "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.
" }, "GatewayType": { "shape": "GatewayType", @@ -4551,7 +4611,7 @@ }, "Ec2InstanceRegion": { "shape": "Ec2InstanceRegion", - "documentation": "The AWS Region where the Amazon EC2 instance is located.
" + "documentation": "The Region where the Amazon EC2 instance is located.
" } }, "documentation": "Describes a gateway object.
" @@ -4622,6 +4682,12 @@ "max": 23, "min": 0 }, + "IPV4Address": { + "type": "string", + "max": 15, + "min": 7, + "pattern": "^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(\\.(?!$)|$)){4}" + }, "IPV4AddressCIDR": { "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))?$" @@ -4637,6 +4703,14 @@ "shape": "Initiator" } }, + "IpAddressList": { + "type": "list", + "member": { + "shape": "IPV4Address" + }, + "max": 1, + "min": 0 + }, "IqnName": { "type": "string", "max": 255, @@ -4654,7 +4728,7 @@ "members": { "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.
An array of information about the file gateway's file shares.
" + "documentation": "An array of information about the S3 File Gateway's file shares.
" } }, "documentation": "ListFileShareOutput
" @@ -5078,7 +5152,7 @@ "documentation": "The default owner ID for files in the file share (unless the files have another owner ID specified). The default value is nfsnobody.
Describes Network File System (NFS) file share default values. Files and folders stored as Amazon S3 objects in S3 buckets don't, by default, have Unix file permissions assigned to them. Upon discovery in an S3 bucket by Storage Gateway, the S3 objects that represent files and folders are assigned these default Unix permissions. This operation is only supported for file gateways.
" + "documentation": "Describes Network File System (NFS) file share default values. Files and folders stored as Amazon S3 objects in S3 buckets don't, by default, have Unix file permissions assigned to them. Upon discovery in an S3 bucket by Storage Gateway, the S3 objects that represent files and folders are assigned these default Unix permissions. This operation is only supported for S3 File Gateways.
" }, "NFSFileShareInfo": { "type": "structure", @@ -5100,7 +5174,7 @@ }, "KMSEncrypted": { "shape": "boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Specifies the DNS name for the VPC endpoint that the NFS file share uses to connect to Amazon S3.
This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies the Region of the S3 bucket where the NFS file share stores files.
This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
The Unix file permissions and ownership information assigned, by default, to native S3 objects when file gateway discovers them in S3 buckets. This operation is only supported in file gateways.
" + "documentation": "The Unix file permissions and ownership information assigned, by default, to native S3 objects when an S3 File Gateway discovers them in S3 buckets. This operation is only supported in S3 File Gateways.
" }, "NFSFileShareInfoList": { "type": "list", @@ -5232,7 +5314,7 @@ }, "ObjectACL": { "type": "string", - "documentation": "A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.
A value that sets the access control list (ACL) permission for objects in the S3 bucket that an S3 File Gateway puts objects into. The default value is private.
The Amazon Resource Name (ARN) of the custom tape pool. Use the ListTapePools operation to return a list of custom tape pools for your account and AWS Region.
" + "documentation": "The Amazon Resource Name (ARN) of the custom tape pool. Use the ListTapePools operation to return a list of custom tape pools for your account and Region.
" }, "PoolName": { "shape": "PoolName", @@ -5296,7 +5378,7 @@ }, "RetentionLockType": { "shape": "RetentionLockType", - "documentation": "Tape retention lock type, which can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account.
" + "documentation": "Tape retention lock type, which can be configured in two modes. When configured in governance mode, accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root account.
" }, "RetentionLockTimeInDays": { "shape": "RetentionLockTimeInDays", @@ -5453,7 +5535,7 @@ }, "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the gateway you want to retrieve the virtual tape to. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
You retrieve archived virtual tapes to only one gateway and the gateway must be a tape gateway.
" + "documentation": "The Amazon Resource Name (ARN) of the gateway you want to retrieve the virtual tape to. Use the ListGateways operation to return a list of gateways for your account and Region.
You retrieve archived virtual tapes to only one gateway and the gateway must be a tape gateway.
" } }, "documentation": "RetrieveTapeArchiveInput
" @@ -5497,7 +5579,7 @@ }, "Role": { "type": "string", - "documentation": "The ARN of the IAM role that file gateway assumes when it accesses the underlying storage.
", + "documentation": "The ARN of the IAM role that an S3 File Gateway assumes when it accesses the underlying storage.
", "max": 2048, "min": 20, "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::([0-9]+):role/(\\S+)$" @@ -5519,7 +5601,7 @@ }, "KMSEncrypted": { "shape": "boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.
" + "documentation": "If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
" }, "AccessBasedEnumeration": { "shape": "Boolean", @@ -5599,9 +5681,21 @@ "NotificationPolicy": { "shape": "NotificationPolicy", "documentation": "The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Specifies the DNS name for the VPC endpoint that the SMB file share uses to connect to Amazon S3.
This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies the Region of the S3 bucket where the SMB file share stores files.
This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.
Specifies whether opportunistic locking is enabled for the SMB file share.
Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.
Valid Values: true | false
The Windows file permissions and ownership information assigned, by default, to native S3 objects when file gateway discovers them in S3 buckets. This operation is only supported for file gateways.
" + "documentation": "The Windows file permissions and ownership information assigned, by default, to native S3 objects when S3 File Gateway discovers them in S3 buckets. This operation is only supported for S3 File Gateways.
" }, "SMBFileShareInfoList": { "type": "list", @@ -5658,7 +5752,7 @@ "members": { "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the file gateway the SMB file share is associated with.
" + "documentation": "The Amazon Resource Name (ARN) of the S3 File Gateway the SMB file share is associated with.
" }, "Password": { "shape": "SMBGuestPassword", @@ -5833,6 +5927,12 @@ "shape": "StorediSCSIVolume" } }, + "SupportedGatewayCapacities": { + "type": "list", + "member": { + "shape": "GatewayCapacity" + } + }, "Tag": { "type": "structure", "required": [ @@ -6047,7 +6147,7 @@ }, "GatewayARN": { "shape": "GatewayARN", - "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.
" + "documentation": "The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.
" }, "PoolId": { "shape": "PoolId", @@ -6316,6 +6416,10 @@ "CloudWatchLogGroupARN": { "shape": "CloudWatchLogGroupARN", "documentation": "The Amazon Resource Name (ARN) of the Amazon CloudWatch log group that you want to use to monitor and log events in the gateway.
For more information, see What is Amazon CloudWatch Logs?
" + }, + "GatewayCapacity": { + "shape": "GatewayCapacity", + "documentation": "Specifies the size of the gateway's metadata cache.
" } } }, @@ -6404,7 +6508,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.
The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.
" + "documentation": "The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.
" }, "Squash": { "shape": "Squash", @@ -6479,7 +6583,7 @@ }, "KMSEncrypted": { "shape": "Boolean", - "documentation": "Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.
Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.
A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.
Valid Values: true | false
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
Valid Values: true | false
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Specifies whether opportunistic locking is enabled for the SMB file share.
Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.
Valid Values: true | false
UpdateSMBFileShareInput
" @@ -6594,7 +6702,7 @@ }, "SMBSecurityStrategy": { "shape": "SMBSecurityStrategy", - "documentation": "Specifies the type of security strategy.
ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.
MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.
MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.
" + "documentation": "Specifies the type of security strategy.
ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment. Supported only in S3 File Gateway.
MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.
MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.
" } } }, @@ -6882,5 +6990,5 @@ "type": "string" } }, - "documentation": "AWS Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the AWS storage infrastructure. The service enables you to securely upload data to the AWS Cloud for cost effective backup and rapid disaster recovery.
Use the following links to get started using the AWS Storage Gateway Service API Reference:
AWS Storage Gateway required request headers: Describes the required headers that you must send with every POST request to AWS Storage Gateway.
Signing requests: AWS Storage Gateway requires that you authenticate every request you send; this topic describes how sign such a request.
Error responses: Provides reference information about AWS Storage Gateway errors.
Operations in AWS Storage Gateway: Contains detailed descriptions of all AWS Storage Gateway operations, their request parameters, response elements, possible errors, and examples of requests and responses.
AWS Storage Gateway endpoints and quotas: Provides a list of each AWS Region and the endpoints available for use with AWS Storage Gateway.
AWS Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-AA22BB012345DAF670. When you use this ID with the EC2 API, you must change it to vol-aa22bb012345daf670. Otherwise, the EC2 API might not behave as expected.
IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see Longer EC2 and EBS resource IDs.
For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:
arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG.
A snapshot ID with the longer ID format looks like the following: snap-78e226633445566ee.
For more information, see Announcement: Heads-up – Longer AWS Storage Gateway volume and snapshot IDs coming in 2016.
Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the Amazon Web Services storage infrastructure. The service enables you to securely upload data to the Cloud for cost effective backup and rapid disaster recovery.
Use the following links to get started using the Storage Gateway Service API Reference:
Storage Gateway required request headers: Describes the required headers that you must send with every POST request to Storage Gateway.
Signing requests: Storage Gateway requires that you authenticate every request you send; this topic describes how sign such a request.
Error responses: Provides reference information about Storage Gateway errors.
Operations in Storage Gateway: Contains detailed descriptions of all Storage Gateway operations, their request parameters, response elements, possible errors, and examples of requests and responses.
Storage Gateway endpoints and quotas: Provides a list of each Region and the endpoints available for use with Storage Gateway.
Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-AA22BB012345DAF670. When you use this ID with the EC2 API, you must change it to vol-aa22bb012345daf670. Otherwise, the EC2 API might not behave as expected.
IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see Longer EC2 and EBS resource IDs.
For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:
arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG.
A snapshot ID with the longer ID format looks like the following: snap-78e226633445566ee.
For more information, see Announcement: Heads-up – Longer Storage Gateway volume and snapshot IDs coming in 2016.
Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
Permissions
The temporary security credentials created by AssumeRole can be used to make API calls to any AWS service with the following exception: You cannot call the AWS STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
To assume a role from a different account, your AWS account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account.
A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. If the user is in the same account as the role, then you can do either of the following:
Attach a policy to the user (identical to the previous user in a different account).
Add the user as a principal directly in the role's trust policy.
In this case, the trust policy acts as an IAM resource-based policy. Users in the same account as the role do not need explicit permission to assume the role. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide.
Tags
(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
Using MFA with AssumeRole
(Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an AWS MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.
\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}
For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide.
To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.
Returns a set of temporary security credentials that you can use to access Amazon Web Services resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.
Permissions
The temporary security credentials created by AssumeRole can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
To assume a role from a different account, your account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account.
A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. If the user is in the same account as the role, then you can do either of the following:
Attach a policy to the user (identical to the previous user in a different account).
Add the user as a principal directly in the role's trust policy.
In this case, the trust policy acts as an IAM resource-based policy. Users in the same account as the role do not need explicit permission to assume the role. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide.
Tags
(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
Using MFA with AssumeRole
(Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.
\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}
For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide.
To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.
Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS services.
Session Duration
By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
Role chaining limits your AWS CLI or AWS API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.
Permissions
The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any AWS service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
Calling AssumeRoleWithSAML does not require the use of AWS security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.
Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
Tags
(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
SAML Configuration
Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.
For more information, see the following resources:
About SAML 2.0-based Federation in the IAM User Guide.
Creating SAML Identity Providers in the IAM User Guide.
Configuring a Relying Party and Claims in the IAM User Guide.
Creating a Role for SAML 2.0 Federation in the IAM User Guide.
Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.
The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.
Session Duration
By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
Role chaining limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.
Permissions
The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
Calling AssumeRoleWithSAML does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.
Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
Tags
(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
SAML Configuration
Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.
For more information, see the following resources:
About SAML 2.0-based Federation in the IAM User Guide.
Creating SAML Identity Providers in the IAM User Guide.
Configuring a Relying Party and Claims in the IAM User Guide.
Creating a Role for SAML 2.0 Federation in the IAM User Guide.
Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.
For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the AWS SDK for iOS Developer Guide and the AWS SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.
To learn more about Amazon Cognito, see Amazon Cognito Overview in AWS SDK for Android Developer Guide and Amazon Cognito Overview in the AWS SDK for iOS Developer Guide.
Calling AssumeRoleWithWebIdentity does not require the use of AWS security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term AWS credentials in the application. You also don't need to deploy server-based proxy services that use long-term AWS credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS service API operations.
Session Duration
By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
Permissions
The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any AWS service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
Tags
(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
Identities
Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.
Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.
For more information about how to use web identity federation and the AssumeRoleWithWebIdentity API, see the following resources:
Using Web Identity Federation API Operations for Mobile Apps and Federation Through a Web-based Identity Provider.
Web Identity Federation Playground. Walk through the process of authenticating through Login with Amazon, Facebook, or Google, getting temporary security credentials, and then using those credentials to make a request to AWS.
AWS SDK for iOS Developer Guide and AWS SDK for Android Developer Guide. These toolkits contain sample apps that show how to invoke the identity providers. The toolkits then show how to use the information from these providers to get and use temporary security credentials.
Web Identity Federation with Mobile Applications. This article discusses web identity federation and shows an example of how to use web identity federation to get access to content in Amazon S3.
Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.
For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide and the Amazon Web Services SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.
To learn more about Amazon Cognito, see Amazon Cognito Overview in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito Overview in the Amazon Web Services SDK for iOS Developer Guide.
Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.
The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.
Session Duration
By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
Permissions
The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.
(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
Tags
(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
Identities
Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.
Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.
For more information about how to use web identity federation and the AssumeRoleWithWebIdentity API, see the following resources:
Using Web Identity Federation API Operations for Mobile Apps and Federation Through a Web-based Identity Provider.
Web Identity Federation Playground. Walk through the process of authenticating through Login with Amazon, Facebook, or Google, getting temporary security credentials, and then using those credentials to make a request to Amazon Web Services.
Amazon Web Services SDK for iOS Developer Guide and Amazon Web Services SDK for Android Developer Guide. These toolkits contain sample apps that show how to invoke the identity providers. The toolkits then show how to use the information from these providers to get and use temporary security credentials.
Web Identity Federation with Mobile Applications. This article discusses web identity federation and shows an example of how to use web identity federation to get access to content in Amazon S3.
Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request.
For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some AWS operations additionally return an encoded message that can provide details about this authorization failure.
Only certain AWS operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.
The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
The decoded message includes the following type of information:
Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the IAM User Guide.
The principal who made the request.
The requested action.
The requested resource.
The values of condition keys in the context of the user's request.
Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.
For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can provide details about this authorization failure.
Only certain Amazon Web Services operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.
The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
The decoded message includes the following type of information:
Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the IAM User Guide.
The principal who made the request.
The requested action.
The requested resource.
The values of condition keys in the context of the user's request.
Returns the account identifier for the specified access key ID.
Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about access keys, see Managing Access Keys for IAM Users in the IAM User Guide.
When you pass an access key ID to this operation, it returns the ID of the AWS account to which the keys belong. Access key IDs beginning with AKIA are long-term credentials for an IAM user or the AWS account root user. Access key IDs beginning with ASIA are temporary credentials that are created using STS operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a credentials report to learn which IAM user owns the keys. To learn who requested the temporary credentials for an ASIA access key, view the STS events in your CloudTrail logs in the IAM User Guide.
This operation does not indicate the state of the access key. The key might be active, inactive, or deleted. Active keys might not have permissions to perform an operation. Providing a deleted access key might return an error that the key doesn't exist.
" + "documentation": "Returns the account identifier for the specified access key ID.
Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about access keys, see Managing Access Keys for IAM Users in the IAM User Guide.
When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account to which the keys belong. Access key IDs beginning with AKIA are long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs beginning with ASIA are temporary credentials that are created using STS operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a credentials report to learn which IAM user owns the keys. To learn who requested the temporary credentials for an ASIA access key, view the STS events in your CloudTrail logs in the IAM User Guide.
This operation does not indicate the state of the access key. The key might be active, inactive, or deleted. Active keys might not have permissions to perform an operation. Providing a deleted access key might return an error that the key doesn't exist.
" }, "GetCallerIdentity": { "name": "GetCallerIdentity", @@ -189,7 +189,7 @@ "shape": "RegionDisabledException" } ], - "documentation": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.
You can also call GetFederationToken using the security credentials of an AWS account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.
Session duration
The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account root user credentials have a maximum duration of 3,600 seconds (1 hour).
Permissions
You can use the temporary credentials created by GetFederationToken in any AWS service except the following:
You cannot call any IAM operations using the AWS CLI or the AWS API.
You cannot call any STS operations except GetCallerIdentity.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.
You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.
Tags
(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.
You can also call GetFederationToken using the security credentials of an AWS account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.
Session duration
The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account root user credentials have a maximum duration of 3,600 seconds (1 hour).
Permissions
You can use the temporary credentials created by GetFederationToken in any AWS service except the following:
You cannot call any IAM operations using the AWS CLI or the AWS API.
You cannot call any STS operations except GetCallerIdentity.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.
Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.
You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.
Tags
(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.
Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.
You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.
You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.
Session duration
The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).
Permissions
You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service except the following:
You cannot call any IAM operations using the CLI or the Amazon Web Services API.
You cannot call any STS operations except GetCallerIdentity.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.
You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.
Tags
(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.
You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.
Session duration
The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).
Permissions
You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service except the following:
You cannot call any IAM operations using the CLI or the Amazon Web Services API.
You cannot call any STS operations except GetCallerIdentity.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.
Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.
You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.
Tags
(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.
Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
Session Duration
The GetSessionToken operation must be called by using the long-term AWS security credentials of the AWS account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.
Permissions
The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service with the following exceptions:
You cannot call any IAM API operations unless MFA authentication information is included in the request.
You cannot call any STS API except AssumeRole or GetCallerIdentity.
We recommend that you do not call GetSessionToken with AWS account root user credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.
The credentials that are returned by GetSessionToken are based on permissions associated with the user whose credentials were used to call the operation. If GetSessionToken is called using AWS account root user credentials, the temporary credentials have root user permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.
For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.
Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.
Session Duration
The GetSessionToken operation must be called by using the long-term Amazon Web Services security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.
Permissions
The temporary security credentials created by GetSessionToken can be used to make API calls to any Amazon Web Services service with the following exceptions:
You cannot call any IAM API operations unless MFA authentication information is included in the request.
You cannot call any STS API except AssumeRole or GetCallerIdentity.
We recommend that you do not call GetSessionToken with Amazon Web Services account root user credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with Amazon Web Services.
The credentials that are returned by GetSessionToken are based on permissions associated with the user whose credentials were used to call the operation. If GetSessionToken is called using Amazon Web Services account root user credentials, the temporary credentials have root user permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.
For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.
An identifier for the assumed role session.
Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their AWS CloudTrail logs.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" + "documentation": "An identifier for the assumed role session.
Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their CloudTrail logs.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" }, "PolicyArns": { "shape": "policyDescriptorListType", - "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" + "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" }, "Policy": { "shape": "sessionPolicyDocumentType", - "documentation": "An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The duration, in seconds, of the role session. The value specified can can range from 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.
The duration, in seconds, of the role session. The value specified can can range from 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.
A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging AWS STS Sessions in the IAM User Guide.
This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.
Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the AWS CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
" + "documentation": "A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging STS Sessions in the IAM User Guide.
This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.
Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
" }, "TransitiveTagKeys": { "shape": "tagKeyListType", @@ -250,7 +250,7 @@ }, "ExternalId": { "shape": "externalIdType", - "documentation": "A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
" + "documentation": "A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
" }, "SerialNumber": { "shape": "serialNumberType", @@ -262,7 +262,7 @@ }, "SourceIdentity": { "shape": "sourceIdentityType", - "documentation": "The source identity specified by the principal that is calling the AssumeRole operation.
You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to AWS resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use a value that begins with the text aws:. This prefix is reserved for AWS internal use.
The source identity specified by the principal that is calling the AssumeRole operation.
You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use a value that begins with the text aws:. This prefix is reserved for Amazon Web Services internal use.
The source identity specified by the principal that is calling the AssumeRole operation.
You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to AWS resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" + "documentation": "The source identity specified by the principal that is calling the AssumeRole operation.
You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" } }, - "documentation": "Contains the response to a successful AssumeRole request, including temporary AWS credentials that can be used to make AWS requests.
" + "documentation": "Contains the response to a successful AssumeRole request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, "AssumeRoleWithSAMLRequest": { "type": "structure", @@ -310,15 +310,15 @@ }, "PolicyArns": { "shape": "policyDescriptorListType", - "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" + "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" }, "Policy": { "shape": "sessionPolicyDocumentType", - "documentation": "An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the DurationSeconds parameter, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.
The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the DurationSeconds parameter, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.
A hash value based on the concatenation of the following:
The Issuer response value.
The AWS account ID.
The friendly name (the last part of the ARN) of the SAML provider in IAM.
The combination of NameQualifier and Subject can be used to uniquely identify a federated user.
The following pseudocode shows how the hash value is calculated:
BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )
A hash value based on the concatenation of the following:
The Issuer response value.
The Amazon Web Services account ID.
The friendly name (the last part of the ARN) of the SAML provider in IAM.
The combination of NameQualifier and Subject can be used to uniquely identify a federated user.
The following pseudocode shows how the hash value is calculated:
BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )
The value in the SourceIdentity attribute in the SAML assertion.
You can require users to set a source identity value when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed. It is present in the request for all actions that are taken by the role and persists across chained role sessions. You can configure your SAML identity provider to use an attribute associated with your users, like user name or email, as the source identity when calling AssumeRoleWithSAML. You do this by adding an attribute to the SAML assertion. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" } }, - "documentation": "Contains the response to a successful AssumeRoleWithSAML request, including temporary AWS credentials that can be used to make AWS requests.
" + "documentation": "Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, "AssumeRoleWithWebIdentityRequest": { "type": "structure", @@ -390,15 +390,15 @@ }, "PolicyArns": { "shape": "policyDescriptorListType", - "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" + "documentation": "The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.
This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
" }, "Policy": { "shape": "sessionPolicyDocumentType", - "documentation": "An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
An IAM policy in JSON format that you want to use as an inline session policy.
This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
By default, the value is set to 3600 seconds.
The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.
The value of the source identity that is returned in the JSON web token (JWT) from the identity provider.
You can require users to set a source identity value when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed. It is present in the request for all actions that are taken by the role and persists across chained role sessions. You can configure your identity provider to use an attribute associated with your users, like user name or email, as the source identity when calling AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web token. To learn more about OIDC tokens and claims, see Using Tokens with User Pools in the Amazon Cognito Developer Guide. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
" } }, - "documentation": "Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary AWS credentials that can be used to make AWS requests.
" + "documentation": "Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, "AssumedRoleUser": { "type": "structure", @@ -445,7 +445,7 @@ "members": { "AssumedRoleId": { "shape": "assumedRoleIdType", - "documentation": "A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by AWS when the role is created.
" + "documentation": "A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by Amazon Web Services when the role is created.
" }, "Arn": { "shape": "arnType", @@ -483,7 +483,7 @@ "documentation": "The date on which the current credentials expire.
" } }, - "documentation": "AWS credentials for API authentication.
" + "documentation": "Amazon Web Services credentials for API authentication.
" }, "DecodeAuthorizationMessageRequest": { "type": "structure", @@ -505,7 +505,7 @@ "documentation": "An XML document that contains the decoded message.
" } }, - "documentation": "A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an AWS request.
" + "documentation": "A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an Amazon Web Services request.
" }, "FederatedUser": { "type": "structure", @@ -542,7 +542,7 @@ "members": { "Account": { "shape": "accountType", - "documentation": "The number used to identify the AWS account.
" + "documentation": "The number used to identify the Amazon Web Services account.
" } } }, @@ -559,11 +559,11 @@ }, "Account": { "shape": "accountType", - "documentation": "The AWS account ID number of the account that owns or contains the calling entity.
" + "documentation": "The Amazon Web Services account ID number of the account that owns or contains the calling entity.
" }, "Arn": { "shape": "arnType", - "documentation": "The AWS ARN associated with the calling entity.
" + "documentation": "The Amazon Web Services ARN associated with the calling entity.
" } }, "documentation": "Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.
" @@ -580,19 +580,19 @@ }, "Policy": { "shape": "sessionPolicyDocumentType", - "documentation": "An IAM policy in JSON format that you want to use as an inline session policy.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies.
This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.
When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.
The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
An IAM policy in JSON format that you want to use as an inline session policy.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies.
This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.
When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.
The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.
The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.
When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.
The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.
You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.
When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.
The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using AWS account root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
" + "documentation": "The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using Amazon Web Services account root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
" }, "Tags": { "shape": "tagListType", - "documentation": "A list of session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is already attached to the user you are federating. When you do, session tags override a user tag with the same key.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.
A list of session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.
This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.
You can pass a session tag with the same key as a tag that is already attached to the user you are federating. When you do, session tags override a user tag with the same key.
Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.
A percentage value that indicates the packed size of the session policies and session tags combined passed in the request. The request fails if the packed size is greater than 100 percent, which means the policies and tags exceeded the allowed space.
" } }, - "documentation": "Contains the response to a successful GetFederationToken request, including temporary AWS credentials that can be used to make AWS requests.
" + "documentation": "Contains the response to a successful GetFederationToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, "GetSessionTokenRequest": { "type": "structure", "members": { "DurationSeconds": { "shape": "durationSecondsType", - "documentation": "The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
" + "documentation": "The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for Amazon Web Services account owners defaults to one hour.
" }, "SerialNumber": { "shape": "serialNumberType", - "documentation": "The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
" + "documentation": "The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the Management Console and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
" }, "TokenCode": { "shape": "tokenCodeType", @@ -639,7 +639,7 @@ "documentation": "The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.
The size of the security token that STS API operations return is not fixed. We strongly recommend that you make no assumptions about the maximum size.
Contains the response to a successful GetSessionToken request, including temporary AWS credentials that can be used to make AWS requests.
" + "documentation": "Contains the response to a successful GetSessionToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, "Issuer": { "type": "string" @@ -652,7 +652,7 @@ "members": { "arn": { "shape": "arnType", - "documentation": "The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
" + "documentation": "The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
" } }, "documentation": "A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session.
" @@ -684,7 +684,7 @@ "documentation": "The value for a session tag.
You can pass up to 50 session tags. The plain text session tag values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
" } }, - "documentation": "You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging AWS STS Sessions in the IAM User Guide.
" + "documentation": "You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging STS Sessions in the IAM User Guide.
" }, "accessKeyIdType": { "type": "string", @@ -837,5 +837,5 @@ "min": 6 } }, - "documentation": "AWS Security Token Service (STS) enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.
" + "documentation": "Security Token Service (STS) enables you to request temporary, limited-privilege credentials for Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.
" } \ No newline at end of file diff --git a/clients/chime.d.ts b/clients/chime.d.ts index d6f7537e07..1e42632079 100644 --- a/clients/chime.d.ts +++ b/clients/chime.d.ts @@ -187,6 +187,14 @@ declare class Chime extends Service { * Creates a new ChannelModerator. A channel moderator can: Add and remove other members of the channel. Add and remove other moderators of the channel. Add and remove user bans for the channel. Redact messages in the channel. List messages in the channel. The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header. */ createChannelModerator(callback?: (err: AWSError, data: Chime.Types.CreateChannelModeratorResponse) => void): Request